• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Another website hijack"

Collapse

  • Anonymous2012
    replied
    Tor duckduckgo

    Provides a clean interface together with a no-tracking privacy policy. Offers keyboard shortcuts to navigate and zero-click information sources displayed in the

    https://duckduckgo.com/

    Tor friendly

    Google,Facebook,Twitter are just Intelligence gathering portals for the Feds so why use them? With Tor you cannot access as they have blocked all the known nodes anyway.

    As more and more people become aware of privacy issues on the Internet they are going to start using this site.

    Leave a comment:


  • xoggoth
    replied
    Cheers Nick. My site has the same problem as this other one is an add on domain to it. I shoulda known that was a mistake. Unfortunately I contacted the host "support" (hah, hah) and they said it must be an htaccess/coding problem.

    Pretty sure it ain't, I downloaded all my files in public_html and compared them with versions on my disc - nothing unexpected at all. Can't check her Wordpress stuff of course.

    Websniffer gives different results

    http://web-sniffer.net/

    PPS Your comment is given credence by the fact that the website mine is redirecing to is also with the same host! I have submitted another ticket to support pointing that out.
    Last edited by xoggoth; 15 March 2013, 17:37.

    Leave a comment:


  • NickFitz
    replied
    It could be something to do with the way the web hosting is configured. Presumably it's a virtual host, so it needs the Host: HTTP header to know which site to serve. If it's misconfigured for HTTPS connections, it could be presenting the SSL certificate for the other site (hence the message about the cert being for a different domain). If the browser then retries via a non-secure connection, perhaps it gets confused and uses the domain for which the certificate was provided, leading you to the pots and pans.

    I'd take it up with the hosting company. When I try to go to my site's virtual host using https: the server simply refuses the connection - not any HTTP response code, just refuses to even start the handshaking to establish a connection. As your friend's site only wants to be on http: that's what it should do.

    Leave a comment:


  • xoggoth
    replied
    Think there are two separate issues. A bit of code in htaccess stops the security warning.

    The redirect is another problem. Doing further checks for any hacks but I am not convinced there is anything amiss in my pages or code. On my blog, https: gives me the warning and continue directs me to the host's support page. That is not a default page I have set so suspect this is something the hosts would normally be setting.

    Leave a comment:


  • cojak
    replied
    I was reading on a forum last year that it was causing problems to those small business sites that had https previously, and then decided not to continue with it as they decided not to sell on the site.

    Leave a comment:


  • mudskipper
    replied
    Originally posted by xoggoth View Post
    The other site doesn't come up at all yet. Mine is ok. Just going from Cojak's comment that Google can have a problem.

    I've been looking at some other sites with the same hosts. Generally, although the top bar may be red and show certificate error, https://etc brings up same page as http://. Not sure how they are doing that but it's possible.

    Getting SSL cert and a dedicated ISP to support it would be another £100 odd a year.
    Just tried mine on https - it just doesn't work.

    Leave a comment:


  • xoggoth
    replied
    The other site doesn't come up at all yet. Mine is ok. Just going from Cojak's comment that Google can have a problem.

    I've been looking at some other sites with the same hosts. Generally, although the top bar may be red and show certificate error, https://etc brings up same page as http://. Not sure how they are doing that but it's possible.

    Getting SSL cert and a dedicated ISP to support it would be another £100 odd a year.

    Leave a comment:


  • Cliphead
    replied
    Originally posted by xoggoth View Post
    Agree link to a secure card site is not a problem. I wasn't linking to https by intent. It is just that, for some reason this afternoon, everytime I typed website.co.uk into the IE address bar it opened https:// instead of http:// and gave me this error. It isn't doing it now but, as Cojak said, Google has had this problem before and, from the web, some Firefox versions sometimes do it.

    Now I'm wondering how many might open this or my own website, not notice the extra s that Google/IE/Firefox etc has put in and think there's a virus or something. Ideally all I want is for a page not found to come up.
    What does a google search for the site come up with?

    Leave a comment:


  • xoggoth
    replied
    Agree link to a secure card site is not a problem. I wasn't linking to https by intent. It is just that, for some reason this afternoon, everytime I typed website.co.uk into the IE address bar it opened https:// instead of http:// and gave me this error. It isn't doing it now but, as Cojak said, Google has had this problem before and, from the web, some Firefox versions sometimes do it.

    Now I'm wondering how many might open this or my own website, not notice the extra s that Google/IE/Firefox etc has put in and think there's a virus or something. Ideally all I want is for a page not found to come up.
    Last edited by xoggoth; 14 March 2013, 20:23.

    Leave a comment:


  • Cliphead
    replied
    Originally posted by xoggoth View Post
    Cheers for those. I don't think it has an SSL certificate as nothing requiring security is needed. It's a Wordpress thing. There is a shop but I think that's by link to Paypal.

    I understand a certicate will be necessary to avoid a warning if somebody enters https but then redirecting or linking from a secure page to an insecure one apparently gives a warning anyway. Does she need to secure the entire site just to cater for typos or quirky browser/Google autofills? (IE seems to have stopped doing it now!)

    What on earth do pople with normal sites do about this? It ought to be a common problem but one would not think so looking on the net.


    Hmmm: Maybe I'm not the only one who's never noticed this problem before but at least CUK doesn't redirect to a site for cookware appliances.

    https://forums.contractoruk.com/
    A WP site that has some form of ecommerce plugin with PayPal as payment processor should direct to PayPal's https link and therefore secure and won't throw an error.

    What link on the site goes to https or are you just trying that directly?

    Leave a comment:


  • xoggoth
    replied
    Cheers for those. I don't think it has an SSL certificate as nothing requiring security is needed. It's a Wordpress thing. There is a shop but I think that's by link to Paypal.

    I understand a certicate will be necessary to avoid a warning if somebody enters https but then redirecting or linking from a secure page to an insecure one apparently gives a warning anyway. Does she need to secure the entire site just to cater for typos or quirky browser/Google autofills? (IE seems to have stopped doing it now!)

    What on earth do pople with normal sites do about this? It ought to be a common problem but one would not think so looking on the net.


    Hmmm: Maybe I'm not the only one who's never noticed this problem before but at least CUK doesn't redirect to a site for cookware appliances.

    https://forums.contractoruk.com/
    Last edited by xoggoth; 14 March 2013, 19:49.

    Leave a comment:


  • cojak
    replied
    I'm not a techy but is it something to do with this?

    Google Redirects Your Search To Https? Change It! -

    Leave a comment:


  • Cliphead
    replied
    Originally posted by xoggoth View Post
    Not mine this time but somebode I know.

    http:etc appears to be ok but https:etc brings up "The security certificate presented by this website was issued for a different website's address" and continue to website goes to a third party sales thing.

    Unfortunately, if one just types website.co.uk into IE expecting it to auto fill the http:/www stuff as usual I get https: and not http:

    Not much idea about this http and https stuff or why would they give different addresses. Any ideas appreciated.

    PS The site it goes to appears to be a legitimate UK site so probably not a hack. Wondering if there is just something missing setting wise. On xoggoth site, as no https target explicitly set, it just goes to the host support page.

    My question appears to be:- how to direct https: to normal http: page?
    Does the site actually have a valid SSL Certificate? If it doesn't going to https will throw a warning.

    Leave a comment:


  • xoggoth
    started a topic Another website hijack

    Another website hijack

    Not mine this time but somebode I know.

    http:etc appears to be ok but https:etc brings up "The security certificate presented by this website was issued for a different website's address" and continue to website goes to a third party sales thing.

    Unfortunately, if one just types website.co.uk into IE expecting it to auto fill the http:/www stuff as usual I get https: and not http:

    Not much idea about this http and https stuff or why would they give different addresses. Any ideas appreciated.

    PS The site it goes to appears to be a legitimate UK site so probably not a hack. Wondering if there is just something missing setting wise. On xoggoth site, as no https target explicitly set, it just goes to the host support page.

    My question appears to be:- how to direct https: to normal http: page?
    Last edited by xoggoth; 14 March 2013, 18:23.

Working...
X