Why are some parts of Scribble Hub not secured?

[GDLiZy]

You know, I'm talking about the Connection is Secure at the top-left of Chrome.

The Forum main page is strangely the one that isn't secure, while others are secure.

Why is that?

 

[Rinne]

Not sure what you are talking about as it is secure for me. Both Firefox and Chrome say it is secure.
Have you checked whether it says http instead of https on the main page?

EDIT: Though it seems trying to enter with http redirects me immediately to the https anyway.

Nevermind, I checked the regular site not forum.
There are probably images that use http instead of https there, judging from the notification I get.

EDIT2: It's the image in the latest profile posts that is not secure. As these are send by other users, there's not much you can do outside of blocking those images.

 

[weakwithwords]

To clarify for those who might join later, GDLiZy is referring to https://forum.scribblehub.com/

I was going to hypothesize that it was due to the latest profile posts (images), but Rinne already mentioned it. I'm wondering if this also happens in other forum topic pages with linked images.

EDIT: 37.233.101.41/HoryFolder/gifs/Headpat.gif is what is causing the security alert probably because it uses an IP address instead of a recognized domain name.

 

[hory-portier]

Oh, this was unexpected. I'm the one that used this gif and also the owner of that serwer where I hosted gif.

First of all I want to assure everyone that could be worried that what I linked is just normal gif image and doesn't contain any dangerous things in it.

I use this method of sharing images for many years now as I trust my own server the most but it's true that I used ip instead of domain name and also that I don't use https protocol for my server. It should be a good thing that the problem was found out this way as it's just some innocent picture. I will make sure to use domain name next time as I have some domains connected to that server it was just hard to use it with the folder I put the image in. I will set some subdomain for it to avoid using ip. It shouldn't generate problems then, right?

Also if there is any need to do something on the side of my server (which I don't expect) then contact me. I don't want to cause problems to SH as I'm also one of users here and might even release my novel here in the future.

Anyway I hope that you will fix this on your side so it won't be possible to use ip links or using them won't generate problems. People with their own private servers tend to have habit of using it for hosting things they want to share.

 

[EVILATIONS]

Oh, this was unexpected. I'm the one that used this gif and also the owner of that serwer where I hosted gif.

First of all I want to assure everyone that could be worried that what I linked is just normal gif image and doesn't contain any dangerous things in it.

I use this method of sharing images for many years now as I trust my own server the most but it's true that I used ip instead of domain name and also that I don't use https protocol for my server. It should be a good thing that the problem was found out this way as it's just some innocent picture. I will make sure to use domain name next time as I have some domains connected to that server it was just hard to use it with the folder I put the image in. I will set some subdomain for it to avoid using ip. It shouldn't generate problems then, right?

Also if there is any need to do something on the side of my server (which I don't expect) then contact me. I don't want to cause problems to SH as I'm also one of users here and might even release my novel here in the future.

Anyway I hope that you will fix this on your side so it won't be possible to use ip links or using them won't generate problems. People with their own private servers tend to have habit of using it for hosting things they want to share.

Not only will you need to use a sub-domain, but you will also have to issue an SSL certificate for the said subdomain. You can use Certbot to issue a free and verified certificate for the subdomain because self-signed SSL Certificates won't be accepted by any browser. Non-HTTPS and HTTPS content on the same page causes the browsers to issue a Mixed Content Warning which can be found in the browser's console.

At ScribbleHub's side, they will have to censor/ban any content linked to from a Non-HTTPS URL. The content refers to images, files, gifs, videos, etc, and not normal links like http://evilations.com

 

[hory-portier]

Not only will you need to use a sub-domain, but you will also have to issue an SSL certificate for the said subdomain. You can use Certbot to issue a free and verified certificate for the subdomain because self-signed SSL Certificates won't be accepted by any browser. Non-HTTPS and HTTPS content on the same page causes the browsers to issue a Mixed Content Warning which can be found in the browser's console.

At ScribbleHub's side, they will have to censor/ban any content linked to from a Non-HTTPS URL. The content refers to images, files, gifs, videos, etc, and not normal links like http://evilations.com

Thank you for this explanation. I haven't heard about Certbot before. I will look into it on my free time. For now, I will just switch to using subdomain.
The one thing that is strange for me is that in the last 10 years this is most likely the first time that someone found a problem with it, and I was linking images this way in both, huge and small sites.

 

[AliceShiki]

Oh, this was unexpected. I'm the one that used this gif and also the owner of that serwer where I hosted gif.

First of all I want to assure everyone that could be worried that what I linked is just normal gif image and doesn't contain any dangerous things in it.

I use this method of sharing images for many years now as I trust my own server the most but it's true that I used ip instead of domain name and also that I don't use https protocol for my server. It should be a good thing that the problem was found out this way as it's just some innocent picture. I will make sure to use domain name next time as I have some domains connected to that server it was just hard to use it with the folder I put the image in. I will set some subdomain for it to avoid using ip. It shouldn't generate problems then, right?

Also if there is any need to do something on the side of my server (which I don't expect) then contact me. I don't want to cause problems to SH as I'm also one of users here and might even release my novel here in the future.

Anyway I hope that you will fix this on your side so it won't be possible to use ip links or using them won't generate problems. People with their own private servers tend to have habit of using it for hosting things they want to share.

You don't have to worry too much about it. You're not the first nor will you will be the last person to share an http link on the forums. It'll be fine.

Not only will you need to use a sub-domain, but you will also have to issue an SSL certificate for the said subdomain. You can use Certbot to issue a free and verified certificate for the subdomain because self-signed SSL Certificates won't be accepted by any browser. Non-HTTPS and HTTPS content on the same page causes the browsers to issue a Mixed Content Warning which can be found in the browser's console.

At ScribbleHub's side, they will have to censor/ban any content linked to from a Non-HTTPS URL. The content refers to images, files, gifs, videos, etc, and not normal links like http://evilations.com

Tony won't block http links on the forums. People click 3rd party links at their own risk, he won't actively harm user experience because some people aren't comfortable with seeing http stuff.

Like, geez, NU used http up until early 2019 IIRC, it's no biggie.

 

[EVILATIONS]

Thank you for this explanation. I haven't heard about Certbot before. I will look into it on my free time. For now, I will just switch to using subdomain.
The one thing that is strange for me is that in the last 10 years this is most likely the first time that someone found a problem with it, and I was linking images this way in both, huge and small sites.

Mixed-Content Warnings weren't a thing before that's why there wasn't any issue, but the browsers take them seriously now. SSL and whatnot, security, you know.

You don't have to worry too much about it. You're not the first nor will you will be the last person to share an http link on the forums. It'll be fine.

Tony won't block http links on the forums. People click 3rd party links at their own risk, he won't actively harm user experience because some people aren't comfortable with seeing http stuff.

Like, geez, NU used http up until early 2019 IIRC, it's no biggie.

I have no issue with there being http stuff nor did I ask anywhere in my post for them to implement what I said. I answered hory-portier's question and explained to him the solution, and that was all.

 

[hory-portier]

I believe that mixed on insecure content notification matters only if you're visiting sites that you expect to have highest security and might be targets of attacks like bank sites etc. But having https links for my server could still be useful.