Logins To hMailServer Form Not Secure

Forum for things that doesn't really have anything to do with hMailServer. Such as php.ini, beer, etc etc.
Post Reply
User avatar
jim.bus
Senior user
Senior user
Posts: 301
Joined: 2011-05-28 11:49
Location: US

Logins To hMailServer Form Not Secure

Post by jim.bus » 2019-09-17 03:53

I just noticed that logins to hMailServer Forum is not secured. User ID and Passwords could be intercepted. The little icon at the end of the User ID and Password entries of the Login screen advises you the Login is not secure. Even Porn sites secure their Login credentials.

User avatar
jim.bus
Senior user
Senior user
Posts: 301
Joined: 2011-05-28 11:49
Location: US

Re: Logins To hMailServer Form Not Secure

Post by jim.bus » 2019-09-17 04:34

I just noticed now the Login was secured. Don't know what happened before.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8132
Joined: 2011-09-08 17:48

Re: Logins To hMailServer Form Not Secure

Post by jimimaseye » 2019-09-17 08:57

Perhaps you have been intercepted and logged in to a rogue imitation. :mrgreen:
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

palinka
Senior user
Senior user
Posts: 1114
Joined: 2017-09-12 17:57

Re: Logins To hMailServer Form Not Secure

Post by palinka » 2019-09-17 11:24

jimimaseye wrote:
2019-09-17 08:57
Perhaps you have been intercepted and logged in to a rogue imitation. :mrgreen:
That would be exceptionally bad for a mail administrator. :mrgreen:

That's how they got the John Podesta emails - the ones released on WikiLeaks. Ol' Johnny got a phishing email from "gmail". He forwarded the message to his IT guy who then replied "Change your password". Then a few minutes later he realized his typo and sent another message, "DON'T CHANGE YOUR PASSWORD!!" Oooops… Too late. True story.

A few months ago I received a phishing attempt that made it past spamassassin that was so convincing that I almost took the bait. Some of them are very sophisticated. Thankfully, the really "good" ones are very rare.

User avatar
mattg
Moderator
Moderator
Posts: 20144
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Logins To hMailServer Form Not Secure

Post by mattg » 2019-09-18 03:12

I've noticed that if you click links on the forum pages, some of them head to the http version
You can add the s to make https, and then reload the page and it loads fine.

I'm guessing that this forum pages doesn't automatically re-direct ALL pages to https
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mikedibella
Normal user
Normal user
Posts: 177
Joined: 2016-12-08 02:21

Re: Logins To hMailServer Form Not Secure

Post by mikedibella » 2019-09-18 03:27

If you are using Chrome you can force the site to use HTTPS by adding hmailserver.com to Chome's HSTS set at this URL: chrome://net-internals/#hsts

Be sure to tick the box for subdomains.

Post Reply