The Lemon Fool

What happened?

Scott.

The hamsters are revived!

Jesus, don't do that again.

It's not my fault - it just came away in me 'and!

I needed the socket to plug the hoover in

Clariman wrote:

Moderator Message:
Apologies for the site going offline from yesterday evening to this morning. Last night there was a script hack attempt, so Stooz took TLF offline while it was sorted. There was no access to the encrypted database and no user data was compromised. It was rescanned by our hosting service this morning, before going back online. Unfortunately they weren't available to do that for us last night. Hence the rather longer outage than it needed to be.

Have you got DDoS protection and other security measures in place with your website host?
You might be able to get some of it for free e.g Cloudflare..https://www.cloudflare.com/en-gb/plans/ ... -services/

Hi we are making lots of improvements and server upgrades in the background.
We will update the security software as well as while it worked this time the solution was too agricultural

18:03, Sunday 20 August. A new TLF glitch:

! [Red warning triangle]

Your connection isn't private
Attackers might be trying to steal your information from www.lemonfool.co.uk (for example, passwords, messages or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID

This server couldn't prove that it's www.lemonfool.co.uk; its security certificate is from *.sucuri.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

Continue to www.lemonfool.co.uk (unsafe)

XFool wrote:18:03, Sunday 20 August. A new TLF glitch:

! [Red warning triangle]

Your connection isn't private
Attackers might be trying to steal your information from http://www.lemonfool.co.uk (for example, passwords, messages or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID

This server couldn't prove that it's http://www.lemonfool.co.uk; its security certificate is from *.sucuri.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

Continue to http://www.lemonfool.co.uk (unsafe)

Same here, it was working fine earlier today.

It's also showing me ads, despite me donating to remove them.

Scott.

Me too, (thats the warning, not the ads) on an Android tablet using Chrome. And it pops up not only when first loading an LF page but at random when moving between posts.

stooz wrote:Hi we are making lots of improvements and server upgrades in the background.
We will update the security software as well as while it worked this time the solution was too agricultural

Presumably the updates are still ongoing...

XFool wrote:18:03, Sunday 20 August. A new TLF glitch:

! [Red warning triangle]

Your connection isn't private
Attackers might be trying to steal your information from http://www.lemonfool.co.uk (for example, passwords, messages or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID

This server couldn't prove that it's http://www.lemonfool.co.uk; its security certificate is from *.sucuri.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

Continue to http://www.lemonfool.co.uk (unsafe)

Same here, since about 6pm. It's a problem specific to Chrome (I think) which is moaning about the site's SSL certificate Common Name CN:


Common Name (CN) *.sucuri.net
Organization (O) <Not Part Of Certificate>
Organizational Unit (OU) <Not Part Of Certificate>
Common Name (CN) Go Daddy Secure Certificate Authority - G2
Organization (O) GoDaddy.com, Inc.
Organizational Unit (OU) http://certs.godaddy.com/repository/
Issued On Monday, September 5, 2022 at 2:42:33 PM
Expires On Saturday, October 7, 2023 at 2:42:33 PM
SHA-256 Fingerprint AD 98 45 6C 22 14 DD CA EB 28 48 4C 27 63 99 CA
A9 BD 36 A6 D4 FF 7C 31 E1 CE 94 4F 15 BD E2 A7
SHA-1 Fingerprint 14 66 F8 BD 8F AF 7E 62 7C B5 33 90 41 59 6E F8
58 1B 76 5E

It's also affecting "Brave" browser.

It's not browser specific - if you got to MX toolbox and do an 'HTTPs lookup' on the domain you'll see there's an issue with the certificate, I'm sure the powers that be are aware and will be trying to sort it out...

https://mxtoolbox.com/SuperTool.aspx

https://mxtoolbox.com/problem/https/htt ... &hidetoc=1

Well, I was banned, or at least , my IP address was. I normally use a VPN, which I what I assume set it off, but it's never happened before.
I usually have the VPN running 24/7, and have only gained access at this time by turning it off.
I also got warnings that the site's security certificate was invalid, so you might look at that too.

Don't want to become tedious, but just tried to login, using my VPN, and got banned for another 12 hours.
Only posting now with VPN turned off, to flag this as ongoing.
(Small update: have chosen a different country's server, and access is fine, so the system is reacting to a particular IP address from the Netherlands...)

moorfield wrote:Same here, since about 6pm. It's a problem specific to Chrome (I think) which is moaning about the site's SSL certificate Common Name CN:

Not just chrome. Its also sghowing in oepra and FF - I opened a new thread not realising that this 403 thread from alst week and morphed into the SSl cert issue now.

Admins - feel free to combine my thread here

didds

I don't wish to carp, because I appreciate a lot of valuable work is being undertaken - but is there any timetable for when the current work on TLF will be completed? This is because it has become too difficult to continue posting/replying to posts and the sensible thing to do seems to be to just stop posting until things have settled down.

TIA