Reply to: Another website hijack

Tor duckduckgo

Provides a clean interface together with a no-tracking privacy policy. Offers keyboard shortcuts to navigate and zero-click information sources displayed in the

https://duckduckgo.com/

Tor friendly

Google,Facebook,Twitter are just Intelligence gathering portals for the Feds so why use them? With Tor you cannot access as they have blocked all the known nodes anyway.

As more and more people become aware of privacy issues on the Internet they are going to start using this site.

Cheers Nick. My site has the same problem as this other one is an add on domain to it. I shoulda known that was a mistake. Unfortunately I contacted the host "support" (hah, hah) and they said it must be an htaccess/coding problem.

Pretty sure it ain't, I downloaded all my files in public_html and compared them with versions on my disc - nothing unexpected at all. Can't check her Wordpress stuff of course.

Websniffer gives different results

http://web-sniffer.net/

PPS Your comment is given credence by the fact that the website mine is redirecing to is also with the same host! I have submitted another ticket to support pointing that out.

It could be something to do with the way the web hosting is configured. Presumably it's a virtual host, so it needs the Host: HTTP header to know which site to serve. If it's misconfigured for HTTPS connections, it could be presenting the SSL certificate for the other site (hence the message about the cert being for a different domain). If the browser then retries via a non-secure connection, perhaps it gets confused and uses the domain for which the certificate was provided, leading you to the pots and pans.

I'd take it up with the hosting company. When I try to go to my site's virtual host using https: the server simply refuses the connection - not any HTTP response code, just refuses to even start the handshaking to establish a connection. As your friend's site only wants to be on http: that's what it should do.

Think there are two separate issues. A bit of code in htaccess stops the security warning.

The redirect is another problem. Doing further checks for any hacks but I am not convinced there is anything amiss in my pages or code. On my blog, https: gives me the warning and continue directs me to the host's support page. That is not a default page I have set so suspect this is something the hosts would normally be setting.

I was reading on a forum last year that it was causing problems to those small business sites that had https previously, and then decided not to continue with it as they decided not to sell on the site.

Just tried mine on https - it just doesn't work.

The other site doesn't come up at all yet. Mine is ok. Just going from Cojak's comment that Google can have a problem.

I've been looking at some other sites with the same hosts. Generally, although the top bar may be red and show certificate error, https://etc brings up same page as http://. Not sure how they are doing that but it's possible.

Getting SSL cert and a dedicated ISP to support it would be another £100 odd a year.

What does a google search for the site come up with?

Agree link to a secure card site is not a problem. I wasn't linking to https by intent. It is just that, for some reason this afternoon, everytime I typed website.co.uk into the IE address bar it opened https:// instead of http:// and gave me this error. It isn't doing it now but, as Cojak said, Google has had this problem before and, from the web, some Firefox versions sometimes do it.

Now I'm wondering how many might open this or my own website, not notice the extra s that Google/IE/Firefox etc has put in and think there's a virus or something. Ideally all I want is for a page not found to come up.

A WP site that has some form of ecommerce plugin with PayPal as payment processor should direct to PayPal's https link and therefore secure and won't throw an error.

What link on the site goes to https or are you just trying that directly?

Cheers for those. I don't think it has an SSL certificate as nothing requiring security is needed. It's a Wordpress thing. There is a shop but I think that's by link to Paypal.

I understand a certicate will be necessary to avoid a warning if somebody enters https but then redirecting or linking from a secure page to an insecure one apparently gives a warning anyway. Does she need to secure the entire site just to cater for typos or quirky browser/Google autofills? (IE seems to have stopped doing it now!)

What on earth do pople with normal sites do about this? It ought to be a common problem but one would not think so looking on the net.


Hmmm: Maybe I'm not the only one who's never noticed this problem before but at least CUK doesn't redirect to a site for cookware appliances.

https://forums.contractoruk.com/

I'm not a techy but is it something to do with this?

Google Redirects Your Search To Https? Change It! -

Does the site actually have a valid SSL Certificate? If it doesn't going to https will throw a warning.