
No. 6560
Is there any reason this site is not made HTTPS? It is safe to assume at this point that nobody gives a damn about privacy on the internet but plain HTTP has other downsides too, like browsers mark it "insecure" and lower search engine rankings. So I'm just wondering if it's because it didn't occur to anybody yet or is it technical reasons maybe?
>> No. 6561
>>6560
Maybe it's too much work, especially for how little traffic this board gets? Also, this has been asked for a trillion times.
>> No. 6562
>>6561

Thanks! Actually, it seems like it has SSL but kinda doesn't work right since all the URLs in the page source are still HTTP. That is probably not much work to fix. I hope someone will bother ^^
>> No. 6566
>>6562
sounds like a lot of work to me. if you could say exactly which files on the server would need "http://" replaced with "https://" it would not be so much work.
>> No. 6567
>>6566

I don't know how the server-side works. I assume that the kusaba php code generates the final html files that are sent to the browser. In that case maybe it's enough to change something in the kusaba config file. (There was a cf['KU_WEBPATH'] line I looked at in the config.php)

On the other hand, if there are many html files with lots of "http://tohno-chan.com" hard-coded into them, then those would need to be changed. With a decent IDE it should be easy.
>> No. 6570
>>6569
>>6567

Yeah it's possible and maybe easy, but it will take time that I don't believe Tohno or I currently have. From what I remember the kusaba is really poorly documented, we're running a lot of custom code as well. The FTP is kind of a clusterfuck.

If either of you would like to dedicate the time to it feel free to hop on IRC and contact Tohno_ or bumbaloe, and lurk etc. Don't really want strangers on FTP.
>> No. 6571
>>6570

What I would do is:
- make offline backups of everything including the database if possible.
- set up source-control if it's not already. (Like git) Exclude all dynamic files and such. (that way you can see all changes you make nicely and revert any of them)
- look very closely at config files like config.php
- run a search for "http://tohno-chan.com" in the whole project (dynamic files excluded) with a decent search tool. Maybe for "http://" and "https://" too.
- replace them with https where needed. (Just don't replace the wrong stuff so things don't break)

You will have backups and source-control, you can restore everything if needed.
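
An added example, not part of the post above or of the site's code: the search-and-replace step from >>6571 as a small Python audit that lists every hard-coded http:// URL and upgrades only those on the site's own host, leaving XML namespace URIs and third-party links untouched. The skipped directory names, the file suffixes, the img. subdomain and the sample text are assumptions made for illustration.

```python
import re
from pathlib import Path

SITE_HOST = "tohno-chan.com"                  # host named in the thread
SKIP_DIRS = {".git", "res", "src", "thumb"}   # assumed dynamic/upload dirs (hypothetical)
SUFFIXES = {".php", ".html", ".tpl", ".css", ".js"}  # assumed text file types
URL_RE = re.compile(r"http://([A-Za-z0-9.-]+)", re.IGNORECASE)

def classify(host):
    """'own' for the site host or a subdomain of it, else 'other'."""
    host = host.lower().rstrip(".")
    return "own" if host == SITE_HOST or host.endswith("." + SITE_HOST) else "other"

def scan_text(text):
    """Return (line_no, host, kind) for every http:// URL found in text."""
    return [(no, m.group(1).lower(), classify(m.group(1)))
            for no, line in enumerate(text.splitlines(), 1)
            for m in URL_RE.finditer(line)]

def rewrite_own(text):
    """Upgrade own-host URLs to https; leave every other URL unchanged."""
    def repl(m):
        return "https://" + m.group(1) if classify(m.group(1)) == "own" else m.group(0)
    return URL_RE.sub(repl, text)

def scan_tree(root):
    """Yield (relative_path, line_no, host, kind) for files under root."""
    root = Path(root)
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or path.suffix.lower() not in SUFFIXES:
            continue
        if SKIP_DIRS & set(rel.parts):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, host, kind in scan_text(text):
            yield str(rel), no, host, kind

# Constructed sample, not taken from the real site.
SAMPLE = '''<html xmlns="http://www.w3.org/1999/xhtml">
$cf['KU_WEBPATH'] = 'http://tohno-chan.com';
<img src="http://img.tohno-chan.com/ot/thumb.png">
<a href="http://example.org/">link</a>
'''

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)          # review the list before changing anything
    print(rewrite_own(SAMPLE))  # only the two own-host URLs become https
```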
>> No. 6573
>>6571
So, too much work, especially for how little traffic this board gets.
>> No. 6575
>like browsers mark it "insecure" and lower search engine rankings. So I'm just wondering if it's because it didn't occur to anybody yet or is it technical reasons maybe?

get a browser that understands you better. low search rankings are an asset, not a failure. if you're really paranoid about people finding out your retarded internet secrets browse via secure proxy or VPN, there are infinite free ones available.
>> No. 6593
It would appear that even beyond HTTPS tohno-chan has quite a few technical issues. For one, it runs on Kusaba X, which is quite prone to spam. Although you may have modified it with preventative measures, and you may take regular backups. As far as that goes, I am unaware.

You seem to be using FTP to manage the uploading and management of your software, rather than a version control system like Git or Subversion. For keeping track of mistakes you make, upgrading software, and other things, this will make your life harder (Not that Kusaba X has been updated in quite a while anyway...)

In regards to Kusaba X, it is very old software, and PHP7+ and even recent versions of PHP5 are incompatible with it. Eventually the operating system that the server runs on will stop being updated - Naturally you would want to upgrade to the newest version, to ensure that your server is exploit free and secure. But you will find that you cannot do so because your operating system doesn't have such an old version of PHP in its repositories. This will lead to you either migrating software (something that I highly recommend doing) or you will be left behind on (eventually, very) insecure software. Kusaba X has many private exploits of varying degree; a good example of a public one was developed by savetheinternet: You can view it here: https://github.com/savetheinternet/kusabax-idcrack

This particular exploit can reverse a Kusaba X poster-ID into ~221 possible IP addresses. With some more filtering, we could very likely find a poster's regular IP address using this. Another exploit is apparently SQL injection, which led to a site that will not be named getting all of its IP addresses dumped.

KusabaX is called KushitbaX in administrator circles for a reason.

If you decide to upgrade the software and hopefully your operating system (I'm sure it's quite old) I can suggest to the administrator vichan, which is slowly dying in development but it's much more modern and is PHP7 compatible, or LynxChan which is in active development but the frontend (what the user sees) is... somewhat ugly. The developer of LynxChan may be willing to work with you on that, though.

Way back on topic: As for the SSL, if you are on a newer OS by any chance, just use Let's Encrypt. It's a very good way to get free SSL certificates, and to automatically renew them.
>> No. 6608
>>6593
I'm aware of the php update issue, and that it could mean the death of this site.
I actually did try out LynxChan and yeah had help from its devs, but found it to be a needlessly convoluted pain in the ass to even get running, and like you said it was butt ugly with a horrible mod panel. I don't think I've messed around with vichan though, that might be something worth looking into. I'm no programmer and offered to compensate people for their help but that obviously hasn't gotten me anywhere. If I could I'd let this place go the way of SpaceJam and remain unchanged for decades, but I doubt that'll fly with a site like this.


>>6597
I vaguely recall something like that, but I think we might still be out of date all the same.
>> No. 6612
>>6608
I could help you move to vichan sometime if you want... It's still maintained so it should be somewhat stable for the foreseeable future, and it's PHP7 compatible. There is also a script you can use to move from Kusaba X to it. I've used it before, and it works well enough. The most difficult thing to actually port would be the stylesheets and the frontpage.

>>6610
Upgrading the PHP version is not the same as upgrading the PHP software which powers the site. The PHP version is basically an interpreter for instructions, you need the latest version of the instructions to work on the latest version of the interpreter. The instructions of Kusaba X are very old.
>> No. 6616
So yeah, we're on PHP 5.6 at the moment. Word is we might not be forced to update till 2019. I'm not necessarily opposed to overhauling the site, but it does seem redundant. The same people who complain about KusabaX would likely complain about whatever we switch to anyway.
