• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Another website hijack

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    Another website hijack

    Not mine this time but somebode I know.

    http:etc appears to be ok but https:etc brings up "The security certificate presented by this website was issued for a different website's address" and continue to website goes to a third party sales thing.

    Unfortunately, if one just types website.co.uk into IE expecting it to auto fill the http:/www stuff as usual I get https: and not http:

    Not much idea about this http and https stuff or why would they give different addresses. Any ideas appreciated.

    PS The site it goes to appears to be a legitimate UK site so probably not a hack. Wondering if there is just something missing setting wise. On xoggoth site, as no https target explicitly set, it just goes to the host support page.

    My question appears to be:- how to direct https: to normal http: page?
    Last edited by xoggoth; 14 March 2013, 18:23.
    bloggoth

    If everything isn't black and white, I say, 'Why the hell not?'
    John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

    #2
    Originally posted by xoggoth View Post
    Not mine this time but somebode I know.

    http:etc appears to be ok but https:etc brings up "The security certificate presented by this website was issued for a different website's address" and continue to website goes to a third party sales thing.

    Unfortunately, if one just types website.co.uk into IE expecting it to auto fill the http:/www stuff as usual I get https: and not http:

    Not much idea about this http and https stuff or why would they give different addresses. Any ideas appreciated.

    PS The site it goes to appears to be a legitimate UK site so probably not a hack. Wondering if there is just something missing setting wise. On xoggoth site, as no https target explicitly set, it just goes to the host support page.

    My question appears to be:- how to direct https: to normal http: page?
    Does the site actually have a valid SSL Certificate? If it doesn't going to https will throw a warning.
    Me, me, me...

    Comment


      #3
      I'm not a techy but is it something to do with this?

      Google Redirects Your Search To Https? Change It! -
      "I can put any old tat in my sig, put quotes around it and attribute to someone of whom I've heard, to make it sound true."
      - Voltaire/Benjamin Franklin/Anne Frank...

      Comment


        #4
        Cheers for those. I don't think it has an SSL certificate as nothing requiring security is needed. It's a Wordpress thing. There is a shop but I think that's by link to Paypal.

        I understand a certicate will be necessary to avoid a warning if somebody enters https but then redirecting or linking from a secure page to an insecure one apparently gives a warning anyway. Does she need to secure the entire site just to cater for typos or quirky browser/Google autofills? (IE seems to have stopped doing it now!)

        What on earth do pople with normal sites do about this? It ought to be a common problem but one would not think so looking on the net.


        Hmmm: Maybe I'm not the only one who's never noticed this problem before but at least CUK doesn't redirect to a site for cookware appliances.

        https://forums.contractoruk.com/
        Last edited by xoggoth; 14 March 2013, 19:49.
        bloggoth

        If everything isn't black and white, I say, 'Why the hell not?'
        John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

        Comment


          #5
          Originally posted by xoggoth View Post
          Cheers for those. I don't think it has an SSL certificate as nothing requiring security is needed. It's a Wordpress thing. There is a shop but I think that's by link to Paypal.

          I understand a certicate will be necessary to avoid a warning if somebody enters https but then redirecting or linking from a secure page to an insecure one apparently gives a warning anyway. Does she need to secure the entire site just to cater for typos or quirky browser/Google autofills? (IE seems to have stopped doing it now!)

          What on earth do pople with normal sites do about this? It ought to be a common problem but one would not think so looking on the net.


          Hmmm: Maybe I'm not the only one who's never noticed this problem before but at least CUK doesn't redirect to a site for cookware appliances.

          https://forums.contractoruk.com/
          A WP site that has some form of ecommerce plugin with PayPal as payment processor should direct to PayPal's https link and therefore secure and won't throw an error.

          What link on the site goes to https or are you just trying that directly?
          Me, me, me...

          Comment


            #6
            Agree link to a secure card site is not a problem. I wasn't linking to https by intent. It is just that, for some reason this afternoon, everytime I typed website.co.uk into the IE address bar it opened https:// instead of http:// and gave me this error. It isn't doing it now but, as Cojak said, Google has had this problem before and, from the web, some Firefox versions sometimes do it.

            Now I'm wondering how many might open this or my own website, not notice the extra s that Google/IE/Firefox etc has put in and think there's a virus or something. Ideally all I want is for a page not found to come up.
            Last edited by xoggoth; 14 March 2013, 20:23.
            bloggoth

            If everything isn't black and white, I say, 'Why the hell not?'
            John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

            Comment


              #7
              Originally posted by xoggoth View Post
              Agree link to a secure card site is not a problem. I wasn't linking to https by intent. It is just that, for some reason this afternoon, everytime I typed website.co.uk into the IE address bar it opened https:// instead of http:// and gave me this error. It isn't doing it now but, as Cojak said, Google has had this problem before and, from the web, some Firefox versions sometimes do it.

              Now I'm wondering how many might open this or my own website, not notice the extra s that Google/IE/Firefox etc has put in and think there's a virus or something. Ideally all I want is for a page not found to come up.
              What does a google search for the site come up with?
              Me, me, me...

              Comment


                #8
                The other site doesn't come up at all yet. Mine is ok. Just going from Cojak's comment that Google can have a problem.

                I've been looking at some other sites with the same hosts. Generally, although the top bar may be red and show certificate error, https://etc brings up same page as http://. Not sure how they are doing that but it's possible.

                Getting SSL cert and a dedicated ISP to support it would be another £100 odd a year.
                bloggoth

                If everything isn't black and white, I say, 'Why the hell not?'
                John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

                Comment


                  #9
                  Originally posted by xoggoth View Post
                  The other site doesn't come up at all yet. Mine is ok. Just going from Cojak's comment that Google can have a problem.

                  I've been looking at some other sites with the same hosts. Generally, although the top bar may be red and show certificate error, https://etc brings up same page as http://. Not sure how they are doing that but it's possible.

                  Getting SSL cert and a dedicated ISP to support it would be another £100 odd a year.
                  Just tried mine on https - it just doesn't work.

                  Comment


                    #10
                    I was reading on a forum last year that it was causing problems to those small business sites that had https previously, and then decided not to continue with it as they decided not to sell on the site.
                    "I can put any old tat in my sig, put quotes around it and attribute to someone of whom I've heard, to make it sound true."
                    - Voltaire/Benjamin Franklin/Anne Frank...

                    Comment

                    Working...
                    X