Overclock3D ssl certificate

[FTLN]

Has the cert expired for OC3D website ?

Happening to me on quite a few sites today, rather strange :




Also strange to see all these SAN in the cert :

Not Critical
DNS Name: ssl387755.cloudflaressl.com
DNS Name: *.10000wallpapersapp.com
DNS Name: *.baby-care-games.com
DNS Name: *.cloudistics.com
DNS Name: *.dollhouse-games.com
DNS Name: *.funfestmedia.com
DNS Name: *.fussball.news
DNS Name: *.galwaybayfm.ie
DNS Name: *.iceageapps.com
DNS Name: *.iprincessentertainment.com
DNS Name: *.kidscookinginc.com
DNS Name: *.lockscreenshd.com
DNS Name: *.overclock3d.net
DNS Name: *.surgery-games.net
DNS Name: *.svinando.com
DNS Name: *.svinando.de
DNS Name: *.thewinecompany.it
DNS Name: *.tofumediainc.com
DNS Name: 10000wallpapersapp.com
DNS Name: baby-care-games.com
DNS Name: cloudistics.com
DNS Name: dollhouse-games.com
DNS Name: funfestmedia.com
DNS Name: fussball.news
DNS Name: galwaybayfm.ie
DNS Name: iceageapps.com
DNS Name: iprincessentertainment.com
DNS Name: kidscookinginc.com
DNS Name: lockscreenshd.com
DNS Name: overclock3d.net
DNS Name: surgery-games.net
DNS Name: svinando.com
DNS Name: svinando.de
DNS Name: thewinecompany.it
DNS Name: tofumediainc.com

 

[RobM]

ssl shows as valid till June for me

 

[FTLN]

ssl shows as valid till June for me

Strange , Edge is showing the same for me as connection not secure.

Other sites such as ebay, paypal and home banking are all showing as secure..

 

[RobM]

weird indeed I am using Chromium browser on Linux if that makes any difference though I don't see it would.

 

[NickOmega]

Valid til 12th June 2018 for me too

 

[Warchild]

Strange , Edge is showing the same for me as connection not secure.

Other sites such as ebay, paypal and home banking are all showing as secure..

/puts on inexperienced mechanics hat

"well there's yer problem Sur. You gots ta use dem Chrome or firefox thingysomethings. Edge just don't cut it, in these parts. Besides we don' take too kindly to that MikeySoft stuff.

 

[FTLN]

/puts on inexperienced mechanics hat

"well there's yer problem Sur. You gots ta use dem Chrome or firefox thingysomethings. Edge just don't cut it, in these parts. Besides we don' take too kindly to that MikeySoft stuff.

Just installed chrome, and still get a message that the connection to the site is not fully secure :

 

[FTLN]

Here is a comparison with Guru3D forum , and also there is not a list of dodgy looking websites in the SAN of teh certificate :

Not Critical
DNS Name: *.guru3d.com
DNS Name: guru3d.com




************************************************************************

Not Critical
DNS Name: ssl387755.cloudflaressl.com
DNS Name: *.10000wallpapersapp.com
DNS Name: *.baby-care-games.com
DNS Name: *.cloudistics.com
DNS Name: *.dollhouse-games.com
DNS Name: *.funfestmedia.com
DNS Name: *.fussball.news
DNS Name: *.galwaybayfm.ie
DNS Name: *.iceageapps.com
DNS Name: *.iprincessentertainment.com
DNS Name: *.kidscookinginc.com
DNS Name: *.lockscreenshd.com
DNS Name: *.overclock3d.net
DNS Name: *.surgery-games.net
DNS Name: *.svinando.com
DNS Name: *.svinando.de
DNS Name: *.thewinecompany.it
DNS Name: *.tofumediainc.com
DNS Name: 10000wallpapersapp.com
DNS Name: baby-care-games.com
DNS Name: cloudistics.com
DNS Name: dollhouse-games.com
DNS Name: funfestmedia.com
DNS Name: fussball.news
DNS Name: galwaybayfm.ie
DNS Name: iceageapps.com
DNS Name: iprincessentertainment.com
DNS Name: kidscookinginc.com
DNS Name: lockscreenshd.com
DNS Name: overclock3d.net
DNS Name: surgery-games.net
DNS Name: svinando.com
DNS Name: svinando.de
DNS Name: thewinecompany.it
DNS Name: tofumediainc.com

 

[SuB]

Thanks for taking a look at this.

The main certificate you see should be coming from cloudflare (top entry in your list) and is definitely not expired, and is entirely valid, and will probably have a bunch of other domains on it since it's from a shared CDN. (that's how cloudflare works)

The main thing with the 'not entirely secure' thing is because these are forums, and you lot upload images etc which aren't on secure domains, so we can't give 100% secure urls and whatnot. (the message in your browser even says "images etc" if you read it).

It's also because I believe despite the fact we specifically ask for secure ads, google somehow thinks it's okay to deliver non-secure content within those ads on occasion, go figure.. all the stuff google demands and it doesn't fulfil them itself (much to my annoyance).

The main website domain doesn't have this issue for the most part (it does in places so don't panic if you see it) because we control the content on that. (again besides the occasional ads from google, thanks google)

So yeah, nothing to worry about.

 

[FTLN]

Thanks for taking a look at this.

The main certificate you see should be coming from cloudflare (top entry in your list) and is definitely not expired, and is entirely valid, and will probably have a bunch of other domains on it since it's from a shared CDN. (that's how cloudflare works)

The main thing with the 'not entirely secure' thing is because these are forums, and you lot upload images etc which aren't on secure domains, so we can't give 100% secure urls and whatnot. (the message in your browser even says "images etc" if you read it).

It's also because I believe despite the fact we specifically ask for secure ads, google somehow thinks it's okay to deliver non-secure content within those ads on occasion, go figure.. all the stuff google demands and it doesn't fulfil them itself (much to my annoyance).

The main website domain doesn't have this issue for the most part (it does in places so don't panic if you see it) because we control the content on that. (again besides the occasional ads from google, thanks google)

So yeah, nothing to worry about.

Hey Sub, thanks for the feedback. I did notice the the mention of images but the problem is how do I know if your site has been compromised somehow now ?

I suggest that you intergrate an image uploader into the forum so that all images are hosted securely on your server.

Rgds,
FTLN

 

[SuB]

Hey Sub, thanks for the feedback. I did notice the the mention of images but the problem is how do I know if your site has been compromised somehow now ?

I suggest that you intergrate an image uploader into the forum so that all images are hosted securely on your server.

Rgds,
FTLN

...We already have one!

Most people use imgur/google/external links/etc/etc/etc to post images, and no-one wants to download an image just to re-upload it here (+ the associated bandwidth costs to us for making that the accepted practice). Nothing we can do about that without enforcing stuff that doesn't need enforcing.

If the site gets compromised, believe me, you'll know because I'll be flying around like a blue-arse-fly and getting some pretty interesting calls from TTL

 

[FTLN]

Hello Sub,

I was browsing another forum and noticed that the users use unsecure image URLS's in the posts, but they have a secure logo (green) in the browser, are you sure something else isnt up ??? Take a look :




I have also identified the cause of your front page showing as non secure , when i block this ad I get a green secure connection logo:

<img src="http://ab170743.adbutler-chargino.com/adserve/;ID=170743;size=728x90;setID=280687;type=img;click=CLICK_MACRO_PLACEHOLDER" width="728" height="90">

 

[SuB]

Those images are being proxy'd in with some fancy code which we don't have on the forums. So that's expected

And the thing above, is, as I mentioned before, it's an ad platform delivering non-secure content (again much to my annoyance)

Nothing here is unexpected tbh.

we'll look into what we can do with the ads, sounds like someone needs poking to me.

 

[SPS]

There is one thing you can fix Sub
http://forum.overclock3d.net/clear.gif

 

[AlienALX]

I got these errors once when the time was incorrect on my PC.

 

[FTLN]

I got these errors once when the time was incorrect on my PC.

So your saying that when you browse to oc3d front page and forums you have a green ticket at the beginning of your url bar saying the connection is ecyrpted ? What browser are you using ?

 

[hmmblah]

Having the Secure icon doesn't really make a website secure. All it says is the traffic to and from your computer to the site is encrypted and the certificate used is correct and verifiable by a 3rd party.

The traffic passed through though could be anything, safe or malicious.