Redirect http:// to http://www

Verringer · May 3, 2017

Old suggestion that was implemented, not sure what's with the sudden change to make all non http://www. to 301 pages.

If you want, I can send you the Nginx config for it that won't throw errors? :tup:

Ally · May 3, 2017

Dunk said:
What do you mean? It already redirects to www for me.

That's the browser doing it, not the website. If you're on a browser that doesn't do it then it won't.

Baby · May 3, 2017

Yup getting the same thing. Hope this gets fixed.

blonde · May 3, 2017

Pretty sure it's part of the recent attacks on mcm.

Vilsike · May 3, 2017

The fact that this hasn't happened yet is funny.

It's also funny that the website doesn't have SSL when it's free to use or really cheap.

Redirect mc-market.org to http://www.mc-market.org until you get SSL then redirect it all to https://www.mc-market.org

It's an easy .htaccess file change to do so. Really takes all but 30 seconds.

buildblox · May 3, 2017

Realm said:
The fact that this hasn't happened yet is funny.

It's also funny that the website doesn't have SSL when it's free to use or really cheap.

Redirect mc-market.org to http://www.mc-market.org until you get SSL then redirect it all to https://www.mc-market.org

It's an easy .htaccess file change to do so. Really takes all but 30 seconds.

Ajdin explained exactly why SSL wasn't implemented in a previous announcement, and it should be noted that not every site can be so easily changed to support securing as a lot of accessed resources can be of mixed content (some images may be insecure while the site is secure, and then errors coming falling through). And on top of that, when you put Xenforo's default image proxy into the picture, it doesn't exactly leave much room for custom changes. If I remember correctly, prior to migrating to AWS, MCM operated on a content delivery network, which can cause compatibility issues with SSL and the lot.

Again, just my two bits. Pretty sure everything was changed after the site migrated to AWS, as the CDN is no longer visible.

tl;dr custom changes (primarily a CDN) in the system caused SSL to be disabled.

Verringer · May 3, 2017

Realm said:
The fact that this hasn't happened yet is funny.

It's also funny that the website doesn't have SSL when it's free to use or really cheap.

Redirect mc-market.org to http://www.mc-market.org until you get SSL then redirect it all to https://www.mc-market.org

It's an easy .htaccess file change to do so. Really takes all but 30 seconds.

There's a reason I never implemented SSL which only takes 30 seconds of searching to find out. Try the term "XenForo IP Leak" - my thread is the first one that brought the topic up from what I can find

Webkinz said:
Pretty sure it's part of the recent attacks on mcm.

I'm not a system administrator, I only know enough to get me by - but I don't think an external attack can cause this error to pop up.

ImRoot · May 3, 2017

same thing happens to me xD im on chrome

blonde · May 3, 2017

Verringer said:
There's a reason I never implemented SSL which only takes 30 seconds of searching to find out. Try the term "XenForo IP Leak" - my thread is the first one that brought the topic up from what I can find

I'm not a system administrator, I only know enough to get me by - but I don't think an external attack can cause this error to pop up.

Well the attackers didn't make it but Mcm announced they were changing to like cloud fare because of the attacks.

Vilsike · May 3, 2017

buildblox said:
Ajdin explained exactly why SSL wasn't implemented in a previous announcement, and it should be noted that not every site can be so easily changed to support securing as a lot of accessed resources can be of mixed content (some images may be insecure while the site is secure, and then errors coming falling through). And on top of that, when you put Xenforo's default image proxy into the picture, it doesn't exactly leave much room for custom changes. If I remember correctly, prior to migrating to AWS, MCM operated on a content delivery network, which can cause compatibility issues with SSL and the lot.

Again, just my two bits. Pretty sure everything was changed after the site migrated to AWS, as the CDN is no longer visible.

I've never had any issues enabling SSL on my two Xenforo sites or even IP.Board. The images aren't ruining the SSL, much like how Spigot handles their external images.

buildblox · May 3, 2017

Realm said:
I've never had any issues enabling SSL on my two Xenforo sites or even IP.Board. The images aren't ruining the SSL, much like how Spigot handles their external images.

Spigot handles the site content in a very intricate way, but I don't believe they ever attempted to utilize a CDN.

Vilsike · May 3, 2017

buildblox said:
Spigot handles the site content in a very intricate way, but I don't believe they ever attempted to utilize a CDN.

Think one of the reasons why I never really cared for this site is how they handle their website. There's been way to many leaks and attacks in the time they have been up

(Inb4 Disagree's)

Verringer · May 3, 2017

This is completely off topic at this point, but just to finish it up:

Realm said:
I've never had any issues enabling SSL on my two Xenforo sites or even IP.Board. The images aren't ruining the SSL, much like how Spigot handles their external images.

SSL works fine, it just opens up loads of self-explanatory exploits. 15 year old me asks how to fix it here: https://theadminzone.com/threads/xf-image-proxy-leaking-backend-ip.131329/

Spigot is brilliant in many ways, and it would definitely benefit MC-Market in 2017 to have SSL set up as I've received a few emails from Google myself warning me about not having SSL set up on my sites and that they're going to start prioritizing SSL-enabled sites.

Realm said:
Think one of the reasons why I never really cared for this site is how they handle their website. There's been way to many leaks and attacks in the time they have been up

(Inb4 Disagree's)

I'm not sure about the whether the leaks are genuine, I've never looked. I hope they're not and if they are - as long as it's from after October 2016, that's positive news for me.

Ajdin · May 3, 2017

buildblox said:
Spigot handles the site content in a very intricate way, but I don't believe they ever attempted to utilize a CDN.

They are using Cloudflare. With the proper settings and page rules they don't even need a CDN.

Verringer said:
This is completely off topic at this point, but just to finish it up:

SSL works fine, it just opens up loads of self-explanatory exploits. 15 year old me asks how to fix it here: https://theadminzone.com/threads/xf-image-proxy-leaking-backend-ip.131329/

Spigot is brilliant in many ways, and it would definitely benefit MC-Market in 2017 to have SSL set up as I've received a few emails from Google myself warning me about not having SSL set up on my sites and that they're going to start prioritizing SSL-enabled sites.

I'm not sure about the whether the leaks are genuine, I've never looked. I hope they're not and if they are - as long as it's from after October 2016, that's positive news for me.

The biggest reason I never implemented SSL was because it has been reported that Google Adsense revenue drops by almost 50%.

MCM's Adsense revenue used to be about €1.1K last time I had my payout so it's definitely something to think about twice.

You're right though, Google is cracking down on sites that aren't using SSL so I would have probably switched by now after the recent Google Chrome updated.

The site uses AWS now. I'm unsure of how it's setup but it definitely needs some work. But yeah, you can make all CDN traffic go through a proxy fairly easily.

I also experimented with MaxCDN for a few months which worked great and they have a SSL option too so it'd be a matter of adding a few lines to the XenForo config.php file.

buildblox · May 3, 2017

BeBosny said:
The biggest reason I never implemented SSL was because it has been reported that Google Adsense revenue drops by almost 50%.

That rings a bell, I think I recall reading it on TheAdminZone. But isn't that strange? It's almost like Google is punishing sites with SSL

Turtle · May 3, 2017

BeBosny said:
They are using Cloudflare. With the proper settings and page rules they don't even need a CDN.

The biggest reason I never implemented SSL was because it has been reported that Google Adsense revenue drops by almost 50%.

MCM's Adsense revenue used to be about €1.1K last time I had my payout so it's definitely something to think about twice.

You're right though, Google is cracking down on sites that aren't using SSL so I would have probably switched by now after the recent Google Chrome updated.

The site uses AWS now. I'm unsure of how it's setup but it definitely needs some work. But yeah, you can make all CDN traffic go through a proxy fairly easily.

I also experimented with MaxCDN for a few months which worked great and they have a SSL option too so it'd be a matter of adding a few lines to the XenForo config.php file.

I have used this on some of my hobby sites to hide IP addresses. Wouldn't know if it would work for xenforo though.

https://images.weserv.nl/

Walrus · May 3, 2017

this. i tried getting on to here yesterday, but couldn't and assumed it was maintenance or something.

cough can we also make use of mcmarket.org cough

Redirect http:// to http://www

Verringer

MC-Market Founder

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ

Baby

King of Babies

blonde

闪耀

Vilsike

Previous owner of OasisMC, SimpPixel, and others!

buildblox

Entrepreneur

Verringer

MC-Market Founder

ImRoot

Java, Web, Python, NodeJS

blonde

闪耀

Vilsike

Previous owner of OasisMC, SimpPixel, and others!

buildblox

Entrepreneur

Vilsike

Previous owner of OasisMC, SimpPixel, and others!

Verringer

MC-Market Founder

Ajdin

I used to be a big deal on here but now irrelevant

buildblox

Entrepreneur

Turtle

turtle#1989

Walrus

New Member