
Logins To hMailServer Form Not Secure

Posted: 2019-09-17 03:53
by jim.bus
I just noticed that logins to hMailServer Forum are not secured. User ID and Passwords could be intercepted. The little icon at the end of the User ID and Password entries of the Login screen advises you the Login is not secure. Even Porn sites secure their Login credentials.

Re: Logins To hMailServer Form Not Secure

Posted: 2019-09-17 04:34
by jim.bus
I just noticed now the Login was secured. Don't know what happened before.

Re: Logins To hMailServer Form Not Secure

Posted: 2019-09-17 08:57
by jimimaseye
Perhaps you have been intercepted and logged in to a rogue imitation. :mrgreen:

Re: Logins To hMailServer Form Not Secure

Posted: 2019-09-17 11:24
by palinka
jimimaseye wrote (2019-09-17 08:57):
> Perhaps you have been intercepted and logged in to a rogue imitation. :mrgreen:

That would be exceptionally bad for a mail administrator. :mrgreen:

That's how they got the John Podesta emails - the ones released on WikiLeaks. Ol' Johnny got a phishing email from "gmail". He forwarded the message to his IT guy who then replied "Change your password". Then a few minutes later he realized his typo and sent another message, "DON'T CHANGE YOUR PASSWORD!!" Oooops… Too late. True story.

A few months ago I received a phishing attempt that made it past spamassassin that was so convincing that I almost took the bait. Some of them are very sophisticated. Thankfully, the really "good" ones are very rare.

Re: Logins To hMailServer Form Not Secure

Posted: 2019-09-18 03:12
by mattg
I've noticed that if you click links on the forum pages, some of them head to the http version.
You can add the s to make https, and then reload the page and it loads fine.

I'm guessing that this forum doesn't automatically redirect ALL pages to https.

Re: Logins To hMailServer Form Not Secure

Posted: 2019-09-18 03:27
by mikedibella
If you are using Chrome you can force the site to use HTTPS by adding hmailserver.com to Chrome's HSTS set at this URL: chrome://net-internals/#hsts

Be sure to tick the box for subdomains.