Amibay website issues - SSL problem?

  • Thread starter Thread starter B00tBl0ck
  • Start date Start date
  • Replies Replies 18
  • Views Views 481
Status
Not open for further replies.
B

B00tBl0ck

Member
Joined
Oct 30, 2018
Posts
62
Country
Hong Kong
Region
Hong Kong
Please can someone help inform the Amibay site admins.

Over the past few days connectivity to Amibay is not working for me via different ISPs. I note some other reports on the Amibay Facebook page.

(i.) Mostly it is a connection timeout.
(ii.) On occasions I get a different error message from Firefox:

Secure Connection Failed

An error occurred during a connection to www.amibay.com. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.

I have managed to get a connection by using a VPN server hosted in another country, however, Firefox reports that there is no SSL. I am currently using that connection to post this message after logging in via the unencrypted connection.
 
Last edited:
I am a former Admin that is stepping back into the breach to help Harrison as I became aware of this today. On my browser (Chrome) it shows as not secure, so I'll take this up with Harrison, as it may be the https side of things that has gone flaky.
 
Hi Merlin,
Having the same issues in Australia ATM over the last week.
It is acting a bit like a geo-lock, if I use a VPN and bounce off a country in Europe no problems connecting.:)
But if I try to connect from my Australian ISP, connection time-out to the site:(

Hope that helps,
 
Last edited:
Dano said:
Hi Merlin,
Having the same issues in Australia ATM over the last week.
It is acting a bit like a geo-lock, if I use a VPN and bounce off a country in Europe no problems connecting.:)
But if I try to connect from my Australian ISP, connection time-out to the site:(

Hope that helps,
Click to expand...

I have been doing the same thing as Dano. Have to use a vpn and european country to get here.
Also is showing as NOT Secure in all of my browsers, chrome, MS Edge, Opera and FireFox.

This has been happening for about 2 weeks for me.
 
Hmm, it may be an SSL certificate issue - the regional angle has me non-plussed though. I'm not Admin or Dev enough to solve this alone, but as soon as Harrison shows up and restores my access, I'll take some of the workload off him and work with him to solve it.
 
Last edited:
FYI - I posted the original message via a VPN server in Italy. Now it is not working via that route. This message is via a UK VPN server, again unsecured connection.
 
I can confirm a similar issue with connections from my home ISP. (Telstra Australia). I can connect over Cellular networks and also when using a VPN. VPNs from an Australian IP do seem to work as well so I'm not sure it's geolocking.
 
We have had maybe 2-3 weeks of "connection timeout" issues in Australia. A traceroute showed it got out of Australia and bombed out somewhere outside of the country. Did I save the traceroute? Heck no I didnt, that would be common sense wouldnt it.
However, Amibay seems to have come back to Australian users in the past 48 hours...
 
Yep, I can confirm all connections to AmiBay from my little neck of the Australian woods is working without the need for a VPN as well. PMs also appear to be working a bit better for me now as well without the long waits to post.
 
Australian here, haven't had any problems at all over the last month or so. Not using HTTPS, just plain unencrypted HTTP.

My ISP is ABB. I saw eldeevo mentioned Telstra, what ISPs are others using?
 
Telstra for home NBN, Vodafone on the mobile, both would get timeout issues.
 
I was also getting timeouts for a few weeks on TPG NBN and Telstra mobile. Seems to be working fine since earlier this week now though.
 
I work in IT and regularly admin SSL certificates on production web servers. If mods here think I may be able to help, feel free to PM me.
 
I have certificates. That's not the issue. Running on very old forum software is the problem, but due to the way logins and passwords are stored here, plus the complete absense of any other sensitive data stored in our database (we don't deal with any payment or transactions) they isn't really any sensitive data other than a member's username and email address. Therefore SSL isn't a current high priority. As and when we get time to upgrade to a newer platform SSL will be as standard.
 
I would have thought that the PM's between users would also be stored within the database/forum software, so they usually contain sensitive data such as addresses for shipping etc. Additionally your main risk of running without TLS in place is that redirection can occur without the clients knowledge, therefore if someone chooses to hijack Amibay's domain, and host a duplicate to capture the details entered by users, the client browser will have no reference, as there's no certificate in place to authenticate the real domain. Moving to TLS actually should be top of the priority list to protect your members and yourselves as a host from culpability. TLS for the front end service (whether IIS or Apache or other) should only take a few minutes to implement once you have the certificate signed. This is nothing to do with the "back-end" part of the forum software, only the front end between the client and the server. Hope this helps.
 
Implimenting ssl isn't the issue. I've been assigning certificates to sites for years. The issue is a very out of date version of vBulletin, which is heavily based on old code. As such a lot of the vbulletin scripts and templates are hard coded and instantly break when the url is altered from http to https. I just don't have the time or inclination to go through thousands of scripts and templates as I'm ditching vB4 soon to migrate the site to the currently supported platform.
 
I echo the concerns made above. If the issue is with vBulletin, then I would suggest running it behind a reverse proxy (hosting HTTPS) until a replacement is ready to go live. This would secure the site and give time to those migrating the site to a new platform.

Harrison said:
Implimenting ssl isn't the issue. I've been assigning certificates to sites for years. The issue is a very out of date version of vBulletin, which is heavily based on old code. As such a lot of the vbulletin scripts and templates are hard coded and instantly break when the url is altered from http to https. I just don't have the time or inclination to go through thousands of scripts and templates as I'm ditching vB4 soon to migrate the site to the currently supported platform.
Click to expand...
 
Status
Not open for further replies.

Similar threads

AmiNeo
Apple Developer Website Issues
Replies
9
Views
227
Harrison
Harrison
Back
Top Bottom