Ray Proudfoot

External Link in Signature no longer working

18 posts in this topic

For over 7 years I have included a link in my signature to my weather website and a small php file that displays current weather conditions. Since 19:45hrs on 14 March this is no longer being updated.

The link is to a site I pay for hosting so there's no overhead on AvSim servers. I like to think this provides a useful public service. Can anyone help me get it working again please?

For info it's pointing to this location. http://www.cheadlehulmeweather.co.uk/banner.php

0

Share this post


Link to post
Share on other sites
Help AVSIM continue to serve you!
Please donate today!

Hi Ray,

Yes, you will need to tell your service we have a new link to AVSIM as we are now secure - https://www.avsim.com.  The old links will tell your service that the site is not secure.

Best regards,

Jim

0

Share this post


Link to post
Share on other sites

Thanks JIm. I'm not quite sure how I sort this out but I've asked the people who designed the banner what I need to say to my web hosting company. Hopefully it will be fixed soon.

0

Share this post


Link to post
Share on other sites

It appears to be working now. Cheerio!

 

uRJzL.png

0

Share this post


Link to post
Share on other sites
1 minute ago, n4gix said:

It appears to be working now. Cheerio!

Not unless you have been transported back to last Tuesday. :biggrin: I've been told it needs HPPTS security adding on my domain which may be expensive. Once I have a reply from my admin I'll reply.

0

Share this post


Link to post
Share on other sites
Just now, Ray Proudfoot said:

Not unless you have been transported back to last Tuesday. :biggrin: I've been told it needs HPPTS security adding on my domain which may be expensive. Once I have a reply from my admin I'll reply.

Oh, silly me! I thought you meant it wasn't showing up at all, so I paid no attention to the date in the upper right corner. I shouldn't think they'd charge for adding a single letter to the domain name: https: instead of http: :blink:

0

Share this post


Link to post
Share on other sites

I hope you're right Bill and it's that simple. However something tells me it won't be. Should know in a few hours.

0

Share this post


Link to post
Share on other sites

Bill / Jim,

With the help of my web hosting administrator I'm pleased to report my weather banner is now updating. He used letsencrypt to add the required level of security to satisfy AvSim.

Thanks for your help too. :smile:

LATER: Returning 40 mins later and the banner time has not updated. But if I type that url into the address bar it does show the latest time. Is this an AvSim issue?

0

Share this post


Link to post
Share on other sites

Hi Ray,

The link to the location of your image is not secure.  If you look at the top of this page you will see a yellow warning telling our members this page is not secure because of an image.  So, evidently it does not like the fact your image is getting info from a non-secure website.  So, it appears letsencrypt program needs to encrypt in both directions, incoming and outgoing.  I'm really not familiar with that.  Google is getting ready to embark on a program to warn Chrome users if a site they are visiting is secure or not.  The AVSIM Board and CEO does not want our members to be told this is not a secure site (even though it is w/o the Green Lock).  I have a feeling Firefox and Edge and Safari will be following sometime after Google kicks off their Green Lock program.  The program cost us money and we will not be getting rid of this security so, if they cannot fix this, then there is nothing we can do.  It is strange the banner was working.  Perhaps the 'letsencrypt' program the Admin used has an issue.  I do not see any of the functions working at this time and it is possible it was turned off by our Green Lock security program.

I will let our tech take a look at this topic to see if he knows of any fixes.

Best regards,

Jim

0

Share this post


Link to post
Share on other sites

I think there's a setting on our end that cached the non secure image on our server and then displays it securely on our side. For that reason it's probably going to be days old. I will see what effect it has on our performance to decrease the cache time on non secure images and follow up soon. 

1

Share this post


Link to post
Share on other sites

Jim & Chase,

Thank you for your feedback. I hope this isn't going to incur a lot of time and effort on your part. My website has no cookies I'm aware of but it does contain links to several external sites primarily to display weather information. The only thing that does store visitor info is the flag counter showing which country visitors live.

I don't want to have to change the whole site to a full https one. It exists to inform people of the weather where I live. It has no other purpose.

i know you want to make AvSim as secure as possible and that's reassuring. Hopefully a solution can be found to satisfy both our requirements. :smile:

0

Share this post


Link to post
Share on other sites
19 hours ago, Chase Kreznor said:

I think there's a setting on our end that cached the non secure image on our server and then displays it securely on our side. For that reason it's probably going to be days old. I will see what effect it has on our performance to decrease the cache time on non secure images and follow up soon. 

Do you have any limitations on what sites your service will cache and proxy for? I hope so.

Cheers!

Luke

0

Share this post


Link to post
Share on other sites
2 hours ago, Luke said:

Do you have any limitations on what sites your service will cache and proxy for? I hope so.

Cheers!

Luke

Given the innocuous nature of my weather website it would be useful if some exceptions could be made by AvSim. Having to change my website to a https one does have a downside. The Flash content is not displayed. That's just cities of the word times plus a graphic showing the phases of the moon. The Google Map showing my location is also blocked. If I'm happy to show the world where I live why would security block it?

In seven years I've had nearly 112,000 visits from 121 countries including Russia, China and Mongolia. No-one has hacked me. How much of a risk is there for those who visit my non-https site on the following link? :biggrin:

www.cheadlehulmeweather.co.uk

0

Share this post


Link to post
Share on other sites
On 3/21/2017 at 6:15 PM, Ray Proudfoot said:

Given the innocuous nature of my weather website it would be useful if some exceptions could be made by AvSim. Having to change my website to a https one does have a downside. The Flash content is not displayed. That's just cities of the word times plus a graphic showing the phases of the moon. The Google Map showing my location is also blocked. If I'm happy to show the world where I live why would security block it?

In seven years I've had nearly 112,000 visits from 121 countries including Russia, China and Mongolia. No-one has hacked me. How much of a risk is there for those who visit my non-https site on the following link? :biggrin:

www.cheadlehulmeweather.co.uk

It's not AVSIM, it's the browser authors. If you want to have a secure page, all of your assets need to be served via HTTPS, including images, scripts and style sheets. And serving your site over HTTPS doesn't make you any less likely to be hacked; it just provides a guarantee to your users that your site content hasn't been modified in transit. Going forward, HTTP/2 will provide performance improvements and it needs SSL as well.

(FWIW, Flash is about to die - and thankfully. You may want to get new time/moon widgets. They won't work on any iOS devices anyways.)

What AVSIM should do is just host signature images themselves; that's what we ended up doing with our forums. Fortunately our maps and analytics are served over SSL and all that was left was a proxy for weather map tiles. deltava and afva are already in the HSTS preload list for browsers, and I wouldn't be surprised if we turned off port 80 in the near future.

Bottom line, SSL is coming. For everyone.

Cheers!

Luke

0

Share this post


Link to post
Share on other sites

Luke,

You may have gathered I'm no expert with HTML or web security in  general.

I have many visitors each day and my site is hosted behind decent security. Does this mean that every weather site has to reside behind https addresses? That's ridiculous. If my Flash links stop working I'm sure the suppliers will find alternative ways of displaying them. They're niceties rather than essentials anyway.

I see my weather banner still hasn't refreshed from Tuesday morning. If Chase can come up with a solution to make it work as well as it did for years then fine. If not, I'll just remove it. It's shown on another weather forum without any issues.

0

Share this post


Link to post
Share on other sites