Author Topic: Tropical Fruit Forum Running Secure! SSL  (Read 5973 times)

Patrick

  • Administrator
  • Hero Member
  • *****
  • Posts: I am a geek!!
    • USA, Palm Beach, FL 33467, Zone 10a
    • View Profile
Tropical Fruit Forum Running Secure! SSL
« on: March 04, 2021, 09:26:19 AM »
After 11 years our forum is finally running on a secure platform! Our SSL Cert went into effect this morning without issue! This will allow additional members that were limited by our lack of SSL to join!

JakeFruit

  • Mod Emeritus
  • Hero Member
  • *****
  • Posts: 663
  • FL Gulf Coast Fruit Lover Spam Fighter
    • zone 10A
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #1 on: March 04, 2021, 12:03:14 PM »
Nice. Looks like you are using Cloudflare for hosting. The site is still serving both http and (now) https content, not ideal, but an easy fix. You should force any traffic coming in to use https, here's a page that tells you how to do it (Cloudflare instructions are #3): https://geekflare.com/http-to-https-redirection/

You may get some mixed-content warnings, another super easy fix in Cloudflare: https://www.cloudflare.com/website-optimization/automatic-https-rewrite/


Patrick

  • Administrator
  • Hero Member
  • *****
  • Posts: I am a geek!!
    • USA, Palm Beach, FL 33467, Zone 10a
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #2 on: March 04, 2021, 12:29:32 PM »
Awesome tip! Thanks Jake!!

And yes, we are running on Cloudflare!

JakeFruit

  • Mod Emeritus
  • Hero Member
  • *****
  • Posts: 663
  • FL Gulf Coast Fruit Lover Spam Fighter
    • zone 10A
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #3 on: March 04, 2021, 12:41:55 PM »
Anything I can do to help. TFF nearly disappeared in Google's search results, this is a good step towards getting back to where it belongs in the rankings.

Patrick

  • Administrator
  • Hero Member
  • *****
  • Posts: I am a geek!!
    • USA, Palm Beach, FL 33467, Zone 10a
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #4 on: March 04, 2021, 01:25:13 PM »
Jake,

That's one of the reasons we went with the SSL.  Another reason we lost Google ranking was because of the hosting update back in January.  Somehow there was a code that basically blocked all the search engines slipped in during the transition.  That was removed a few days ago.

John B

  • Sr. Member
  • ****
  • Posts: 393
    • USA, San Diego, CA, Zone 10a
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #5 on: March 04, 2021, 11:16:56 PM »
Thank you very much!

shmojojojo

  • Member
  • ***
  • Posts: 224
    • Southern California, Zone 10a
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #6 on: March 05, 2021, 12:56:55 AM »
Site looks great 8)

Felipe

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1386
    • Canary Islands, Spain - 12b
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #7 on: March 05, 2021, 07:19:24 AM »
Right now I had to delete a lot of spam threads and fake accounts. Never seen that before. Is it maybe related to this change?

bsbullie

  • Hero Member
  • *****
  • Posts: 9621
    • USA, Boynton Beach, FL 33472, Zone 10a
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #8 on: March 05, 2021, 07:36:56 AM »
Right now I had to delete a lot of spam threads and fake accounts. Never seen that before. Is it maybe related to this change?

That has happened on occasion in the past.
- Rob

JakeFruit

  • Mod Emeritus
  • Hero Member
  • *****
  • Posts: 663
  • FL Gulf Coast Fruit Lover Spam Fighter
    • zone 10A
    • View Profile

Patrick

  • Administrator
  • Hero Member
  • *****
  • Posts: I am a geek!!
    • USA, Palm Beach, FL 33467, Zone 10a
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #10 on: March 05, 2021, 11:44:40 AM »
Jake,

I tried those this morning and crashed the site.. LOL I just signed up for a security plan from GoDaddy hosting at a hefty cost.  We were getting bombarded with spam and malware.  We had malware injected in the forum too..  It getting fixed now.

ScottR

  • Hero Member
  • *****
  • Posts: 2222
    • USA,Arroyo Grande,Calif. 93420,zone 9b
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #11 on: March 05, 2021, 12:02:00 PM »
Thanks Patrick, for all the work to keep web page safe, was a little worried this morning when i first tried to pull up web site and there was and error message. but fine now with old look back Cool!! ;)

JakeFruit

  • Mod Emeritus
  • Hero Member
  • *****
  • Posts: 663
  • FL Gulf Coast Fruit Lover Spam Fighter
    • zone 10A
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #12 on: March 05, 2021, 01:04:40 PM »
Shouldn't be a hefty price; what's GoDaddy saying they are going to do (can you link the page/plan you subscribed to)?  GoDaddy has become the "Jack of All Trades, Master of None" one stop big shop; fleecing the non-tech-savvy is their angle these days.

I'd duplicate the site to a subfolder and do the same with the database, do all your testing/tweaks to a copy of the site first. If you think you might break something, test on a copy rather than the live site. I'm curious when you say malware, you mean people posts linking to malware downloads, right?

I'm not trying to sell myself in, but I'd be happy to help you. I won't charge anything; I've gotten a lot out of the forum over the last two years. I've been a site/server admin for the last two decades, I'm sure I can harden things up. You can't stop someone determined to jump through all the hoops of registration/activation/capatcha just to post spam, but you can make it so difficult most give up.
« Last Edit: March 05, 2021, 02:28:12 PM by JakeFruit »

Felipe

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1386
    • Canary Islands, Spain - 12b
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #13 on: March 05, 2021, 01:34:57 PM »
Thank you very much Patrick for your work and also Jake for offering your help!  :)

Unfortunatelly I don't have much idea about informatics  ;D

slopat

  • Member
  • ***
  • Posts: 168
    • USA, California, central coast, 9b
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #14 on: March 05, 2021, 03:03:07 PM »
Great job!

The HTTPS extension is I use is much happier now.. less worry about some sniffer swiping the login credentials.

Many thanks again on providing this service!

Pat.

Btw:   security and tools are not cheap so do you need some donations?  I'm there next to JakeFruit with free  brain power, specifically cyber security.

mbmango

  • Member
  • ***
  • Posts: 194
    • LAX, CA
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #15 on: March 06, 2021, 01:15:45 AM »
Anyone else having trouble using the "Add image to post" function?  postimage will take my image, but the callback (http://tropicalfruitforum.com/index.php?action=post;board=12.0&postimage_id=0&postimage_text=...) gets a 403 back.  User sees

Access Denied - GoDaddy Website Firewall
If you are the site owner (or you manage this site), please whitelist your IP or if you think this block is an error please open a support ticket and make sure to include the block details (displayed in the box below), so we can assist you in troubleshooting the issue.

Block details:
...

mbmango

  • Member
  • ***
  • Posts: 194
    • LAX, CA
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #16 on: March 06, 2021, 01:18:17 AM »
Oh, i have to use the link below the input box, not the one above it.

JakeFruit

  • Mod Emeritus
  • Hero Member
  • *****
  • Posts: 663
  • FL Gulf Coast Fruit Lover Spam Fighter
    • zone 10A
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #17 on: March 06, 2021, 07:45:14 AM »
Just tested the image upload, confirming it's being blocked by GoDaddy's firewall.
Code: [Select]
Access Denied - GoDaddy Website Firewall
If you are the site owner (or you manage this site), please whitelist your IP or if you think this block is an error please open a support ticket and make sure to include the block details (displayed in the box below), so we can assist you in troubleshooting the issue.

Block details:
Your IP:
URL: tropicalfruitforum.com/index.php?action=post;topic=42845.0;last_msg=420559&postimage_id=0&postimage_text=%0A%5Burl%3Dhttps%3A%2F%2Fpostimg.cc%2Fvc0S7y0y%5D%5Bimg%5Dhttps%3A%2F%2Fi.postimg.cc%2Fvc0S7y0y%2FIMG-2158.jpg%5B%2Fimg%5D%5B%2Furl%5D%0A
Your Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Block ID: EXPVP5
Block reason: Exploit attempt denied by virtual patching.
Time: 2021-03-06 07:42:22
Server ID: 17003
« Last Edit: March 06, 2021, 07:48:19 AM by JakeFruit »

Patrick

  • Administrator
  • Hero Member
  • *****
  • Posts: I am a geek!!
    • USA, Palm Beach, FL 33467, Zone 10a
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #18 on: March 06, 2021, 08:38:22 AM »
Jake,

It seems we may need a bit of your expertise.. LOL

Godaddy blows.

They did remove a bunch of Malware last night, however we are still getting blasted by spammers.

I'm going to bump your account to a mod level for starters if you don't mind.  I will work on getting you an admin account if all goes well.

I added some settings to block spammers, requiring questions answered on the first five posts as well as more advanced captcha.
« Last Edit: March 06, 2021, 09:14:12 AM by pj1881 (Patrick) »

Patrick

  • Administrator
  • Hero Member
  • *****
  • Posts: I am a geek!!
    • USA, Palm Beach, FL 33467, Zone 10a
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #19 on: March 06, 2021, 08:58:23 AM »
Jake,

We can whitelist the image loader I think.  Any suggestions?

JakeFruit

  • Mod Emeritus
  • Hero Member
  • *****
  • Posts: 663
  • FL Gulf Coast Fruit Lover Spam Fighter
    • zone 10A
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #20 on: March 06, 2021, 12:31:30 PM »
Hi Patrick. You came up to speed fast on what to expect from GoDaddy :)
What Malware did they remove? Did you have scripts that were uploaded?? PM me with whatever GoDaddy sent you on the malware removal, I'm very curious what it could be.

Mod/Admin access to SMF doesn't allow me to do much of anything, I'd need access to your hosting account. There are several steps I would take right now, but SMF is also about to release a stable version 2.1 (they are on RC4, can't imagine there are many bugs left to squish). We can wait until that's released and do it all at once. We can get on a call to discuss the details, PM me if you want.

Spammers like you have on here now are tough to stop in an automated fashion. You have an image captcha and 3 challenge questions on the registration form, so it's (likely) real people signing up and posting the nonsense. There are a couple ways I know of to fight these guys, but I'm not sure what plugins SMF has available. Quick search gave me this one, looks promising: https://custom.simplemachines.org/mods/index.php?mod=3851
Active moderators (you trust) that have the ability to delete posts and ban/suspend users are your best bet for an easy fix.

murahilin

  • Administrator
  • Hero Member
  • *****
  • Posts: 3285
    • USA Greenacres, Florida Zone 10b
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #21 on: March 06, 2021, 12:42:52 PM »
Hi Patrick. You came up to speed fast on what to expect from GoDaddy :)
What Malware did they remove? Did you have scripts that were uploaded?? PM me with whatever GoDaddy sent you on the malware removal, I'm very curious what it could be.

Mod/Admin access to SMF doesn't allow me to do much of anything, I'd need access to your hosting account. There are several steps I would take right now, but SMF is also about to release a stable version 2.1 (they are on RC4, can't imagine there are many bugs left to squish). We can wait until that's released and do it all at once. We can get on a call to discuss the details, PM me if you want.

Spammers like you have on here now are tough to stop in an automated fashion. You have an image captcha and 3 challenge questions on the registration form, so it's (likely) real people signing up and posting the nonsense. There are a couple ways I know of to fight these guys, but I'm not sure what plugins SMF has available. Quick search gave me this one, looks promising: https://custom.simplemachines.org/mods/index.php?mod=3851
Active moderators (you trust) that have the ability to delete posts and ban/suspend users are your best bet for an easy fix.

I added one of those spam stoppers for the forum a few years ago that worked pretty well for a while. I think the recent upgrades seemed to have removed the filter.

JakeFruit

  • Mod Emeritus
  • Hero Member
  • *****
  • Posts: 663
  • FL Gulf Coast Fruit Lover Spam Fighter
    • zone 10A
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #22 on: March 06, 2021, 02:46:33 PM »
If the forum was upgraded, rather than patched, it would have lost any mods. Not sure a plugin is considered a mod, but it's likely if it was lost after an upgrade.
https://wiki.simplemachines.org/smf/Upgrading

This thread is getting down-right geeky  :D

RollingInTheWeeds

  • Member
  • ***
  • Posts: 98
    • USA, CA., South Bay area of Los Angeles, USDA 10b, Sunset 24
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #23 on: March 06, 2021, 04:23:54 PM »
Many thanks!  Having SSL is good news, and I appreciate all the work you folks are putting in to enable us to just log in and enjoy the conversations!

zands

  • mango_zango
  • Hero Member
  • *****
  • Posts: 4455
    • Zone 10b, Florida, USA, 33321
    • View Profile
Re: Tropical Fruit Forum Running Secure! SSL
« Reply #24 on: March 07, 2021, 07:42:16 AM »
Why not consider semi- archiving this site. How large is all the info here? One or two gigabytes? Have all this put on  hard drive/SSD at your hosting center. Then start the site anew on a new hard drive. Of course you show an access link to the old hard drive and the old posts/information. My guess is that when people come here they are looking up old posts 5-10% of the time.