Saturday, January 12, 2019

How Safe is Your Site?

Last year I posted about switching to https from http. If you haven't done this, you need to read the post and make the change. It's VERY EASY to do. This is a safety and security issue even if {like me} you aren't a commercial site. Why? Http is an old system and has serious and known flaws that allow hackers to breach your site.

Recently I noticed several of my old linkups mysteriously had a photo of a car added to the quilts. My site is https but the linkup company I used had a flaw that Google warned me about. Simply deleting the linkup wasn't enough. Those linkups with the car photo stubbornly remained. The hackers came through that flaw and added the code into MY post. I had to delete the string of code in HTML. {I'm a not a professional coder so my solution was to delete everything from my signature on down.} If you check, you'll see the explanation I added.

What I did NOT do was click on that car link. That could have compromised my computer. By adding their own link, the hackers could make it point to any site they wanted. I'm sure "sinister people" pay them to link a porn site, a bitcoin or Nigerian scam, or something else through my innocent post. I'd seen an uptick in odd sites to my blog and was trying to track them down.

If you don't have https and/or you link to sites that aren't https, you are helping criminals. Please don't. 


The world moves on.

Lately some of the blogs on my sidebar have been "coming up blank." I click on them but the page doesn't appear. In fact, all that appears is one of these icons.


I use Chrome, a Google product. In May, Google announced they would start flagging insecure sites because most sites worldwide now use https and it's better to call out the laggards. Now it appears they've moved to the next step to help keep us all safe: Chrome won't let me go to sites that aren't https. I asked DH and found out I could override this choice. Hey, I'm an adult. But that would be like taking those stupid ridiculous bird box challenges.

I mean, really.

If the experts {among whom I am NOT included} think it's foolhardy to go to an insecure site, why would I override them? Even if your site is only an innocuous quilting blog, too many nasty people can hack in through it. So...

I checked and I can get there on Safari. But I won't. If you aren't https:, you won't see me until you are.

Please. And thank you. Ann

19 comments:

Millie said...

Thanks Ann! I;ve made that change to my blogs.

Ann said...

Thank you. It's a job to keep abreast of technology. You're great.

Quiltdivajulie said...

I checked my https setting and updated it --thanks!!

Ann said...

Thank you, Julie. I appreciate your efforts and enjoy reading your blog.

Lisa J. said...

I want to thank you so much for this post and the previous one Ann. I had noticed recently that my site was coming up as insecure but I thought it didn't matter because no funds go across it. After reading your posts I went in and changed the setting to https. If I hadn't read your posts I wouldn't have known how to do that. I didn't get an error message so I'm thinking all is ok.

Mystic Quilter said...

I am so pleased that you have written this post Ann. I changed to https when blogger first announced it on the site and it's surprising how many of the blogs I love following haven't changed over. I think it's a good idea that when you go into an insecure site the warnings come up. It seems that a great many bloggers are perhaps not aware of the need to change.

patty a. said...

I am https already thank goodness although if I try to look at my blog on my computer, it blocks me and says there is a problem. It must be some firewall the IR guys installed. I can view it on my iPhone with out issue.

Nifty Quilts said...

Thank you, Ann! I made the change, thanks to you, and am very glad I did so.

audrey said...

Thanks for the reminder! Made the change and tried to clean up my blog a little.:)

Ann said...

Thank you for taking the time to make us all safer, Lisa. Finding those code snippets on my posts shocked me. Google notified me there were errors in their linkup company's code but I didn't understand how easily it could happen. It's difficult for most of us bloggers because we are not very technical and have other priorities. But in these days of conflict, it's important to maintain a herd immunity.

Ann said...

I probably wasn't as early as you but I did change it almost two years ago. And like you, I'm surprised how many quilt blogs are still not updated for this safety feature. The warnings are visible but these blank pages are an even better wake up call. Hopefully that will encourage even more quilters. I completely sympathize with them; we don't focus on these kinds of technical difficulties. But we are also a strong, friendly group.

Ann said...

You were. Yea, you.
You might look at the previous post. It had information about fixing "mixed message" issues. I had to do that a couple of years ago. That's how I found some of the links weren't as careful as they could be. But your explanation sounds right, too. Sigh. We'll get through it and be safer.

Ann said...

Thank you, LeeAnn. I know you have a popular blog. You are helping so many people with this small change.

Ann said...

Hooray! Your blog is so popular that you know you've helped lots of readers.

Sujata Shah said...

Thank you Ann! I made the changes but still trying to figure out the language on the buttons. I may need an entire day!

Ann said...

Thanks for making the effort, Sujata. I've already noticed some questionable referral sites can't seem to link through mine and I'll bet you find the same.
For the button, open the code, and copy or make a screen shot so you can at least get back to where you were. Do Cntrl F for find and type http. Everywhere it doesn't have s after it, add it. Then check. I think all you'll need to do is have it point to the safe version of you site rather than the unsafe version.

Sujata Shah said...

Thanks, Ann! This was really helpful. I had noticed lately I was getting more spam comments than earlier. I hope this helps to reduce the number of those. I had never experienced the blanking of the sidebar but I got another person's complaint that she could not link to my site. I need to spend more time here to make it all work. I am headed to a longarmer. I will try to do this after I get back. xo

Mel Beach said...

Thanks for raising awareness about this security issue. Rushed to check and make sure I was up to date...and thankful it was. Phew!

Ann said...

You are such a champ, Mel. Your site is always up to date. But it's easy for any of us to get behind. Blogs don't come with automatic updates like our phones. I'm going to add a reminder on my calendar to research and check security issues twice a year. Hopefully that will be enough...