"This site may be hacked"

Bob A · 26th March 2017, 12:45 AM

Per Google. When I accessed it from my new laptop, I rec'd that message. Later looking up vikingsword on Google, the message apeared just below the site link.

I have no idea whether there's any truth to the message, but I thought I'd mention it here. If anyone cares to fwd to an admin, please do so; I've no idea how to proceed beyond posting the information.

kahnjar1 · 26th March 2017, 04:12 AM

Quote:

Originally Posted by Bob A

Per Google. When I accessed it from my new laptop, I rec'd that message. Later looking up vikingsword on Google, the message apeared just below the site link.

I have no idea whether there's any truth to the message, but I thought I'd mention it here. If anyone cares to fwd to an admin, please do so; I've no idea how to proceed beyond posting the information.

Hi Bo9b,
I assume this WILL be picked up here but if you send a PM to Lee (see Member List) he will be able to assist. Alternatively his email is ljones@vikingsword.com
Stu

Battara · 26th March 2017, 04:34 AM

I just tried getting in from Google just now and no problems.......

machinist · 26th March 2017, 04:53 AM

I have noticed the sword at the top of the page has changed recently, perhaps hackers are responsible.

Rick · 26th March 2017, 05:55 AM

I don't think so.
We had for years a Takouba.
I think Lee may have switched the sword to match the Vikingsword forum name.

Gavin Nugent · 26th March 2017, 07:42 AM

http://www.vikingsword.com/vb/showth...ghlight=hacked

kronckew · 26th March 2017, 07:53 AM

it'd be better to be accessing via the more secure https://www.vikingsword.com/vb/,
rather than the unencrypted http:// version.

David R · 26th March 2017, 08:54 AM

Quote:

Originally Posted by kronckew

it'd be better to be accessing via the more secure https://www.vikingsword.com/vb/,
rather than the unencrypted http:// version.

And that's the link that threw up the warning header for me just now.

fernando · 26th March 2017, 10:19 AM

Quote:

Originally Posted by Rick

I don't think so.
We had for years a Takouba.
I think Lee may have switched the sword to match the Vikingsword forum name.

Yes indeed

Lee · 26th March 2017, 02:49 PM

1. This site has never had, nor ever been configured for, a security certificate. It has always been under the regular old http (hypertext transfer protocol.) The secure protocol (https) is essential for banking, e-commerce and medical record sites and such where sensitive financial or other data is being passed back and forth. So, probably similarly sensitive information should not be included in private messages here, as it would travel on the internet unencrypted and you will be relying on it being a needle in a haystack.

2. Matchlock had complained of the takouba in the forums logo (preferring a European medieval sword he had seen in an auction) and I had promised to change it 'when convenient.' When I switched back from the seminar announcement, I did so, though I remain somewhat unsatisfied with the result.

3. I have seen Google's 'this site may be hacked' message myself on occasion. I followed the links the first time and was directed to register some sort of account and install something and then they would reveal to me what was of concern. I did not enter that gauntlet of hoops. I looked at the html of the top pages and nothing was out of order. I killed some dead links and links that had gone sleazy.

4. If any member actually encounters any page that is part of this site with suspicious material or encounters sleaze when following a link from here, please report it to me. This site is maintained on a 'shared' server and that may sometimes result in 'blacklisting' when there is malfeasance on any of the sites hosted on that server. Similarly, this site has been blocked by some shabbily coded 'net nanny' software because of the presence of such words as 'weapon.'

5. Offers of paid advertising (i.e. renting out your eyeballs) are regularly and uniformly rejected and donations are neither sought nor accepted. Life is much simpler and better this way. Maybe someday this community will create a proper nonprofit organization to administer and maintain this project and with that will come updated and professionally administered services (likely along with an end to the budget restricting policies noted in the first paragraph of this paragraph).

kronckew · 26th March 2017, 04:19 PM

google is 'encouraging everyone to go to https

see https://www.freshleafmedia.co.uk/blo...te-be-on-https, amongst others...

Quote:

Why should I use it for my website?

Well, if you’re sending any information you wouldn’t want a third party to get their hands on, HTTPS makes sense. It’s not true to say that you only need HTTPS if users are submitting credit card details to your site (although you definitely need it then, and you should never put your own credit card details into a site that isn’t secured using HTTPS). It means that any websites that have any passwords or personal information submitted to them should run on HTTPS. A good example is your Content Management System, or CMS. Many sites nowadays have a CMS that runs on the same domain as the website. So you might log in to edit your site at www.yoursite.com/cms or www.yoursite.com/wp-admin. Into that login page you put the password that enables you to edit your public-facing website. Do you really want that to fall into the wrong hands?

If that’s not enough reason (and it really should be), consider this: since 2014, Google has been pushing ‘HTTPS Everywhere’, an initiative to make the web more secure by moving all web traffic onto the secure protocol. That year the search giant announced a minor rankings boost for sites using HTTPS, meaning that it can factor into a website’s search results position. Now they’ve also announced that any website accepting credit card details or passwords via HTTP will be slapped with an ‘insecure’ warning in the latest version of Google’s Chrome browser. Google’s pushing for HTTPS, and its sanctions against sites not using it will only get stronger as time goes on.
What does it cost?

Until recently, cost was sometimes cited as a reason not to use HTTPS. Secure certificates were (in some cases) expensive to obtain, complex to configure, and had to be renewed annually. However, in April 2016 a new certificate authority, Let’s Encrypt, was launched, offering free certificates and an automated process that replaces the manual creation, validation, signing and installation of certificates… giving everyone one less reason not to use HTTPS.

note especially the bold bit, and the italic bits i've highlighted. the 'or passwords' in particular. might be why some people get warned, are they perchance using chrome? firefox is heading that way too, i get the message on some sites.

as noted if you get any message offering to fix an infection of your pc by visiting a link in a warning message, avoid it like the plague. because it IS the plague & they will infect you and try to extort money from you.

note: my browser address bar indicated that the vikingsword site is connected securely (encrypted) if i use the https address, so there's a security certificate out there somewhere in your cluster. note the little closed lock between the site favicon on the https address, it indicates the connection is encrypted. maybe your isp or hosting provider has gifted you.

edited:

have added an attachment of the message i get connecting via https in chrome, ie, and edge. appears there is a certificate but it's revoked. firefox allows for exceptions. note the upper screenshot is from firefox that is allowing connection, the seperate lower with the warning is from the other browsers. maybe your hosting co. has an expired certificate? you might want to ask them what's up. and get a free one from the company mentioned above...like chicken soup for a cold, it's can't hurt...

Royston · 27th March 2017, 10:06 PM

I have been a member for a few years now and always intended to ask this question.

Why is the site called vikingsword when it is the Ethnographic Arms and Armour Forum ?

One could argue that any culture could be classed as ethnographic, but then why separate European from Ethnographic.

I do not have a problem with this, I was just wondering about the origin of the name.

Regards
Roy

Lee · 28th March 2017, 03:56 PM

When this project began in 1997 the focus of the site was European medieval swords with a special emphasis on the swords of the Viking Age. If you go to the root directory you will still see this. For the would-be collector of the genuine article, such collecting is a fairly lonely activity and Internet discussion activity was very much focused on modern replicas of widely varying quality.

Royston, you will find that our interpretations of the meaning of 'ethnographic arms and armour' are pretty similar - see the Collector's Guide which is the descendant of the original ethnographic page. My collecting interests have always been a bit migratory and the original version of that page was written during boring non-relevant (to me) moments of a professional conference. The intended message at the time was that there were a lot of very reasonably priced pre-industrial arms in the antique market showing great design and ingenuity and that the frustrated would-be collector of European medieval swords could find exciting artifacts from other cultures well within their actual reach.

When the current forums software was implemented, it was just the main ethnographic discussion forum and swap. The previous UBB forum did have a European medieval sword section and it was dead. Antique arms collectors do tend segregate and the sub-forums we now have arose from user requests.

-----

I have researched and continue to research the https suggestions. Apparently, turning it on is cheap and easy and the forums software is fairly compatible, especially as we have forced use of the attachments feature. However, it also appears this would generate a lot of chaos and broken links for many users. More investigation is to be done, but for now it looks like this will be a consideration when there is an upgrade to a newer version and a migration to vikingsword.org for the forums.

kronckew · 28th March 2017, 08:36 PM

thanks for keeping us informed, lee.

BANDOOK · 30th March 2017, 12:27 PM

Quote:

Originally Posted by kronckew

thanks for keeping us informed, lee.

GREETINGS ADMIN
AS ALL HAS GONE MOBILE ,ANY WAY WE CAN HAVE A APPLICATION WHICH IS MOBILE FRIENDLY ,AS MORE AND MORE MEMBERS WILL BE USING MOBILES ,I AM AWARE THERE IS A PRICE DUE TO COST SO AM READY TO PAY A FEE EVERY YEAR AS I LOVE THIS SITE ,BUT WE HAVE TO KEEP UP WITH TECHNOLOGY.
ITS JUST A SUGGESTION AND I RESPECT ADMINS VIEWS AND RULES BUT WOULD REQUEST TO CONSIDER.
REGARDS
RAJESH ALVA

Lee · 30th March 2017, 01:58 PM

Such an accommodation will ultimately come with the eventual upgrade mentioned in my previous post. One question is whether to start the active forums anew as we did 11 years ago, leaving this online as an archive or whether to attempt a full migration with the update. Each option has its advantages and disadvantages. The fresh start option could be on vBulletin's hosted service that would automatically have all updates applied.

I personally dislike these now ubiquitous mobile devices for the all too common phenomenon of, when the thing chirps for attention, the person I had been conversing with face-to-face instantly drops our conversation mid sentence. Want to define 'lonely' in the 21st century? - it is being in a room where everyone else has a mobile device and you do not. I also dislike the redesign of the internet world to accommodate these devices, leaving my desktop with a broken experience. Once an early adopter, I have evolved into a techno-Luddite. Who would have thought?

I also have zero personal interest in attempting to administer a subscription / donation / advertising model. None. I have discussed with the Moderator Team in the past the prospect of creating a properly governed non-profit organization to maintain this project and to carry it forward.

26th March 2017, 12:45 AM	#1
Bob A Member Join Date: Feb 2014 Posts: 409	"This site may be hacked" Per Google. When I accessed it from my new laptop, I rec'd that message. Later looking up vikingsword on Google, the message apeared just below the site link. I have no idea whether there's any truth to the message, but I thought I'd mention it here. If anyone cares to fwd to an admin, please do so; I've no idea how to proceed beyond posting the information.

26th March 2017, 02:49 PM	#10
Lee EAAF Staff Join Date: Nov 2004 Location: Upstate New York, USA Posts: 887	If wishes were horses... 1. This site has never had, nor ever been configured for, a security certificate. It has always been under the regular old http (hypertext transfer protocol.) The secure protocol (https) is essential for banking, e-commerce and medical record sites and such where sensitive financial or other data is being passed back and forth. So, probably similarly sensitive information should not be included in private messages here, as it would travel on the internet unencrypted and you will be relying on it being a needle in a haystack. 2. Matchlock had complained of the takouba in the forums logo (preferring a European medieval sword he had seen in an auction) and I had promised to change it 'when convenient.' When I switched back from the seminar announcement, I did so, though I remain somewhat unsatisfied with the result. 3. I have seen Google's 'this site may be hacked' message myself on occasion. I followed the links the first time and was directed to register some sort of account and install something and then they would reveal to me what was of concern. I did not enter that gauntlet of hoops. I looked at the html of the top pages and nothing was out of order. I killed some dead links and links that had gone sleazy. 4. If any member actually encounters any page that is part of this site with suspicious material or encounters sleaze when following a link from here, please report it to me. This site is maintained on a 'shared' server and that may sometimes result in 'blacklisting' when there is malfeasance on any of the sites hosted on that server. Similarly, this site has been blocked by some shabbily coded 'net nanny' software because of the presence of such words as 'weapon.' 5. Offers of paid advertising (i.e. renting out your eyeballs) are regularly and uniformly rejected and donations are neither sought nor accepted. Life is much simpler and better this way. Maybe someday this community will create a proper nonprofit organization to administer and maintain this project and with that will come updated and professionally administered services (likely along with an end to the budget restricting policies noted in the first paragraph of this paragraph).

28th March 2017, 03:56 PM	#13
Lee EAAF Staff Join Date: Nov 2004 Location: Upstate New York, USA Posts: 887	Of course prices have since risen... When this project began in 1997 the focus of the site was European medieval swords with a special emphasis on the swords of the Viking Age. If you go to the root directory you will still see this. For the would-be collector of the genuine article, such collecting is a fairly lonely activity and Internet discussion activity was very much focused on modern replicas of widely varying quality. Royston, you will find that our interpretations of the meaning of 'ethnographic arms and armour' are pretty similar - see the Collector's Guide which is the descendant of the original ethnographic page. My collecting interests have always been a bit migratory and the original version of that page was written during boring non-relevant (to me) moments of a professional conference. The intended message at the time was that there were a lot of very reasonably priced pre-industrial arms in the antique market showing great design and ingenuity and that the frustrated would-be collector of European medieval swords could find exciting artifacts from other cultures well within their actual reach. When the current forums software was implemented, it was just the main ethnographic discussion forum and swap. The previous UBB forum did have a European medieval sword section and it was dead. Antique arms collectors do tend segregate and the sub-forums we now have arose from user requests. ----- I have researched and continue to research the https suggestions. Apparently, turning it on is cheap and easy and the forums software is fairly compatible, especially as we have forced use of the attachments feature. However, it also appears this would generate a lot of chaos and broken links for many users. More investigation is to be done, but for now it looks like this will be a consideration when there is an upgrade to a newer version and a migration to vikingsword.org for the forums.

30th March 2017, 01:58 PM	#16
Lee EAAF Staff Join Date: Nov 2004 Location: Upstate New York, USA Posts: 887	Upgrade Issues Such an accommodation will ultimately come with the eventual upgrade mentioned in my previous post. One question is whether to start the active forums anew as we did 11 years ago, leaving this online as an archive or whether to attempt a full migration with the update. Each option has its advantages and disadvantages. The fresh start option could be on vBulletin's hosted service that would automatically have all updates applied. I personally dislike these now ubiquitous mobile devices for the all too common phenomenon of, when the thing chirps for attention, the person I had been conversing with face-to-face instantly drops our conversation mid sentence. Want to define 'lonely' in the 21st century? - it is being in a room where everyone else has a mobile device and you do not. I also dislike the redesign of the internet world to accommodate these devices, leaving my desktop with a broken experience. Once an early adopter, I have evolved into a techno-Luddite. Who would have thought? I also have zero personal interest in attempting to administer a subscription / donation / advertising model. None. I have discussed with the Moderator Team in the past the prospect of creating a properly governed non-profit organization to maintain this project and to carry it forward.

26th March 2017, 04:34 AM	#3
Battara EAAF Staff Join Date: Dec 2004 Location: Louisville, KY Posts: 7,139	I just tried getting in from Google just now and no problems.......

26th March 2017, 04:53 AM	#4
machinist Member Join Date: Oct 2010 Posts: 93	I have noticed the sword at the top of the page has changed recently, perhaps hackers are responsible.

26th March 2017, 05:55 AM	#5
Rick Vikingsword Staff Join Date: Nov 2004 Posts: 6,262	I don't think so. We had for years a Takouba. I think Lee may have switched the sword to match the Vikingsword forum name.

26th March 2017, 07:42 AM	#6
Gavin Nugent Member Join Date: Oct 2007 Posts: 2,818	http://www.vikingsword.com/vb/showth...ghlight=hacked

26th March 2017, 07:53 AM	#7
kronckew Member Join Date: Mar 2006 Location: Room 101, Glos. UK Posts: 4,150	it'd be better to be accessing via the more secure https://www.vikingsword.com/vb/, rather than the unencrypted http:// version.

27th March 2017, 10:06 PM	#12
Royston Member Join Date: Mar 2008 Location: Poole England Posts: 441	I have been a member for a few years now and always intended to ask this question. Why is the site called vikingsword when it is the Ethnographic Arms and Armour Forum ? One could argue that any culture could be classed as ethnographic, but then why separate European from Ethnographic. I do not have a problem with this, I was just wondering about the origin of the name. Regards Roy

28th March 2017, 08:36 PM	#14
kronckew Member Join Date: Mar 2006 Location: Room 101, Glos. UK Posts: 4,150	thanks for keeping us informed, lee.