The forum has moved, and you are here!

Discussion in 'Forum Related Discussions' started by LowWaterMark, Mar 9, 2014.

Thread Status:
Not open for further replies.
  1. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    556
    Location:
    USA
    This would be a great time to come up with a unique favicon for the site, maybe a shield or a key or something. Even just a W for Wilders would be nice.
     
  2. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    Congratulations on the successful move.

    Wilders Forums became even better!

    :thumb:
     
  3. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    Good job with the upgrade, Mike. It's faster than ever now. :thumb:
     
  4. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,953
    such ugly tab icon.......

    -----------------------------------
    :thumb:
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,201
    Location:
    New England
    Yes, I was able to make some good backend upgrades building out the new server.

    We're at the updated cipher suites now. (I was working through many options yesterday, as I was picking settings, and ran that same report several times myself.) We can't beat the rated percentages (95, 90, 90, which is the best we've ever scored). I have just lowered RC4 further than the test you saw. There was one more thing I could try, and it worked just now.
     
  7. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I only see non-EC GCM cyphers, which is why you're failing the FS test with Chrome and getting A- instead of A (AFAIK).
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,201
    Location:
    New England
    Thanks, that helped. It's still 95, 90, 90, but, the list looks better now.
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yeah. You'll want things like HSTS enabled if you're chasing an A+.

    I believe you also want to prioritize TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 over CBC cyphers even if the latter is 256 (so it should be 2nd on the list) but I'm not 100% sure. AFAIK GCM is meant to be flat out better.
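
A check of the ordering discussed in the posts above (an ECDHE suite with GCM present and ranked ahead of CBC, RC4 at the bottom), as an added example that is not part of the original thread. The two suite lists are constructed for illustration and are not the forum server's actual configuration.

```python
import re

# IANA-style suite name: TLS_<key exchange>_WITH_<cipher>_<hash>
SUITE_RE = re.compile(r"^TLS_(?P<kex>.+)_WITH_(?P<enc>.+)_(?P<mac>[A-Z0-9]+)$")

def classify(name):
    """Split a suite name into the properties the posts argue about."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not an IANA TLS suite name: {name!r}")
    kex, enc = m.group("kex"), m.group("enc")
    mode = next((t for t in ("GCM", "CBC", "RC4") if t in enc), "OTHER")
    return {"name": name, "mode": mode, "ecdhe": kex.startswith("ECDHE")}

def audit_order(preference):
    """Findings for a server preference list, most preferred suite first."""
    suites = [classify(n) for n in preference]
    findings = []
    ec_gcm = [i for i, s in enumerate(suites) if s["ecdhe"] and s["mode"] == "GCM"]
    if not ec_gcm:
        findings.append("no ECDHE+GCM suite offered")
    for i, s in enumerate(suites):
        # A CBC suite must not outrank any of the ECDHE+GCM suites.
        if s["mode"] == "CBC" and ec_gcm and i < max(ec_gcm):
            findings.append(f"{s['name']} (CBC) is ranked above an ECDHE+GCM suite")
    rc4 = [i for i, s in enumerate(suites) if s["mode"] == "RC4"]
    rest = [i for i, s in enumerate(suites) if s["mode"] != "RC4"]
    if rc4 and rest and min(rc4) < max(rest):
        findings.append("RC4 is ranked above a non-RC4 suite")
    return findings

# Constructed lists: BEFORE has only a non-EC GCM suite, AFTER follows the suggested order.
BEFORE = ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
          "TLS_RSA_WITH_RC4_128_SHA",
          "TLS_RSA_WITH_AES_128_CBC_SHA"]
AFTER = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
         "TLS_RSA_WITH_RC4_128_SHA"]

if __name__ == "__main__":
    for label, prefs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_order(prefs) or "ordering OK")
```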
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,201
    Location:
    New England
    Our self-signed certificate is expiring soon, so, I just made a new one to cover this next year.

    My reason for using my own signing has been explained in the past, and, I'm keeping with that approach for this next year, as well.

    https://www.wilderssecurity.com/showthread.php?t=343834

    I increased the hash in the signature algorithm from sha1 to sha256 (sha256WithRSAEncryption) per recommendations.

    New fingerprint for this next year is as follows
    SHA-1: 01 3A AC 77 8C CF A0 A2 43 25 E6 D6 A6 6E FD D0 D6 37 61 6E
    SHA-256: 6C 68 D5 AB C5 63 DD B0 BE 8D DD A0 E0 93 7A 61 A0 93 4B D0 20 61 63 56 BA 77 84 0F 30 3D AA 5B
    - The above was removed on April 8th in response to the Heartbleed SSL exploit

     
    Last edited: Apr 8, 2014
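
For readers who pin a self-signed certificate by hand as described above, an added example (not part of the original thread) of comparing a certificate with a fingerprint published in the spaced-hex form used in the post. The certificate bytes are a constructed stand-in and the helper names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re

def to_pem(der):
    """Wrap DER bytes in a PEM CERTIFICATE block."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def pem_to_der(pem):
    """Recover the DER bytes; fingerprints are taken over DER, not the PEM text."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def parse_fingerprint(text):
    """Accept '01 3A AC ...', '01:3a:ac:...' or bare hex; return (algorithm, digest)."""
    hexstr = re.sub(r"[\s:]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]+", hexstr):
        raise ValueError("fingerprint contains non-hex characters")
    raw = bytes.fromhex(hexstr)
    algo = {20: "sha1", 32: "sha256"}.get(len(raw))  # pick the hash by digest length
    if algo is None:
        raise ValueError(f"unexpected fingerprint length: {len(raw)} bytes")
    return algo, raw

def format_fingerprint(der, algo="sha256"):
    """Render a digest as upper-case hex pairs separated by spaces."""
    return " ".join(f"{b:02X}" for b in hashlib.new(algo, der).digest())

def matches_published(cert_pem, published):
    """True only if the certificate hashes to the published fingerprint."""
    algo, expected = parse_fingerprint(published)
    actual = hashlib.new(algo, pem_to_der(cert_pem)).digest()
    return hmac.compare_digest(actual, expected)

# Constructed stand-in bytes, not a real certificate.
SAMPLE_DER = b"constructed stand-in for the DER encoding of a certificate"
SAMPLE_PEM = to_pem(SAMPLE_DER)

if __name__ == "__main__":
    published = format_fingerprint(SAMPLE_DER)
    print(published)
    print("match:", matches_published(SAMPLE_PEM, published))
```

On a live connection the PEM text would come from `ssl.get_server_certificate((host, 443))`. The comparison only means something if the published value reached you over a channel other than the connection being checked.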
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,260
    Location:
    Outer space
    Nice :)
    I see there is a new certificate, is this the correct SHA-1 fingerprint?
    EDIT: You just beat me ;)
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,162
    LOL! As soon as I clicked on my Wilder's bookmark I had a warning flag telling me the fingerprint didn't match. I updated it (after reading your post) but it was amazing how I was instantly "flagged". Nice MITM protection.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,430
    Location:
    Here
    :thumb: I didn't even know there was an HTTPS version of this forum. I added the certificate and will use the secure version in future.

    hqsec
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    I usually don't bother using https with Wilders...but just tried it.

    Opera popped up that there was a new certificate.
     
  15. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Wilders new server

    Hi, With regard to the forum moving hosting companies, just want to mention that since the announcement Wilders has gone from read only in the old server to being in the new location, back and forth since the announcement a few times. Early this morning NY time it was in the new, and around noon it wasn't, and now it's back in the new location. I thought I'd mention it while it's in the new before I lose it again in case you aren't aware. :)
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,201
    Location:
    New England
    Re: Wilders new server

    It's not actually moving back and forth. It's a DNS update issue. One or more of the DNS servers you are using has not yet updated our domain record to point to the new IP address.

    See this thread. Some others are having the same issue:

    https://www.wilderssecurity.com/showthread.php?t=361218

    Basically, DNS should have propagated in 4 hours or less, which was the expiration time (TTL) set on the old DNS record. But, a few members are still hitting DNS servers that have not updated yet, more than 38 hours since I changed the DNS record to point here.

    The only thing you can do in the meantime is either switch DNS servers to ones like Google's or OpenDNS, or add our IP address to your hosts file.

    Code:
    107.170.53.243	wilderssecurity.com
    107.170.53.243	www.wilderssecurity.com
    
     
  17. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    813
    Location:
    North of the 38th parallel.
    LWM and friends:

    I see where our favorite forum has had its SSL certificate renewed and strengthened this morning. Although I was secretly wishing for a stronger message authentication code (MAC) like SHA-256 from SHA1, I'm still very proud of all the folks that were involved in the move and the overall general upkeep of the forum. :thumb: :thumb: :thumb: :thumb: :thumb:

    But hey - maybe we'll get a new MAC for Christmas!

    For N00bs - this forum is maintained better than some banking sites!
     
    Last edited: Mar 10, 2014
  18. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Re: Wilders new server

    LowWaterMark, Thanks for the heads up. Can you help me? I don't know where to find my hosts file. Can you point me to it on my computer? Or will this eventually correct itself?
     
    Last edited: Mar 10, 2014
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,959
    Re: Wilders new server

    I don't have Win installed now, but Googling, it appears to be located here:

    c:\windows\system32\drivers\etc
     
  20. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Re: Wilders new server

    Kerodo, Thanks. Will this finally just correct itself without me doing anything?
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,959
    Re: Wilders new server

    You're welcome... Not sure, on that question. LowWaterMark would know I imagine..
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    Hi,

    Most of the technical discussions here are beyond my comprehension, but if all of it helps, then I'm glad for the changes!

    An observation: I don't notice any difference in loading the site, nor in navigating. Pages have always loaded in about 1-1/2 sec. on my cable connection, and it seems to be the same now.

    A couple of questions:

    1) People mention using a host file. What is the advantage of that with respect to visiting Wilders?

    2) What is the advantage of using the HTTPS connection?

    thanks,


    ----
    rich
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,959
    So far, I have had no issues accessing the site, and I must say, it does seem much faster/quicker to load pages, and I see none of the mild occasional glitches that I was seeing a week ago or so. This seems much improved...
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,430
    Location:
    Here
    Some people are using DNS servers that haven't yet updated their DNS records for wilderssecurity.com. In such a case the hosts file can be used to get to the right IP when using the wilders domain.

    HTTPS connection provides encryption for your internet traffic on this site. That means that your ISP (or somebody else) can't monitor the content of your network traffic while you're on this site.

    hqsec
     
  25. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hmmmm... :)
     