Woodnet.net gone toxic?

P

Packard

Member
Joined
Nov 6, 2020
Messages
4,752
I am also a member of Woodnet.net where I post on occasion. 

Today when I went to log on, I got this message:

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to cloudfront-origin.forums.woodnet.net. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

If they cannot straighten this out I am not going back.  I've been posting there for 20 years or so.  So this came as a shock.
 
Usually this is caused by a hijacked ad.

Should go away once the powers that be puzzle things out.
 
Hi.  I went to the site & tried to register using Firefox.

The following message came up for me:

"Web Protection by Bitdefender
Suspicious page blocked for your protectionhttps://cloudfront-origin.forums.woodnet.net/member.php?action=register

Your connection to this web page is not safe due to an unmatching security certificate.
This means that the certificate was issued for a different web address than the one it is being used for, and you run the risk of exposing your data by accessing this page.
I understand the risks, take me there anyway
If you know this page is not dangerous, you can add it to your Exceptions list of trusted websites. Be aware that you will not be warned about any threats existing on this page."

I have, on very rare occasions, had this come up this before.  If it is a site I do trust - I have just gone ahead.

Guess would be prudent to not go ahead if unsure.

Regards
Richard
(Approx' 21:42 UK time)

 
SSL certificate expired, usually.  If their web guys are any good, it'll be fixed in a day or two.

 
The problem is the "Firefox" blocker is actually relying on Google database and that database is undocumented.

That is actually on purpose to make it more difficult to bypass - but it also makes it more difficult to avoid being blocked.

If your site gets there, bad luck. There is NO IMMEDIATE WAY to solve the issue and Google support bots are useless for the most part.

Be cautious, as always.
But also beware the overlords that be are happy to block legitimate sites and will NOT restore them even when the site owner proves there is not issue.

It can take weeks to be removed from the blocklist even with commercial sites with IT staff working 24/7 on a fix.

Normally, the actual fix is to have your site re-built from scratch on other domain as waiting on Google to fix its blocklist can take you out of business before that happens...

EDIT:
Err, looks they have some issues with the site, I get "cloudfront-origin.forums.woodnet.net redirected you too many times."

That normally indicates some scripts have a bug and create an endless loop.

Give it a few days.
 
This could have to do with Flash no longer being supported, for which the drop dead date was recent. I get the same error message wen I go there and also at another site I have frequented for years.
https://www.adobe.com/products/flashplayer/end-of-life.html

Or more likely it is because the site has not upgraded to a secure server (https:// vice http:// ). More information is available here. It's been coming for over a year, and those who have refused to upgrade their sites are now feeling the pain of their resistance to change. Change for the better for their visitors mostly. So that just says they don't care about you that much.
https://www.forbes.com/sites/zakdof...-content-will-now-be-blocked/?sh=316bc20730a9
 
Bob D. said:
...
So that just says they don't care about you that much.
Click to expand...
I would not be so harsh.

Firstly their HTTPS seems fine, there is/was some javascript issue or so it seems. Can be anything but looks UP now.
From the design of the site you can see clearly these are not people who "live by web design".. More like people who live by wood design. Pun intended.

Such independent sites are /thankfully/ about content and "staying up to date" with the "latest and greatest" is often a major challenge for the crew. Especially if IT is not their area.

Not sure about woodnet.net specifically, but one should give these venues a bit of slack on these things.

As long as they do not get breached or /actively/ distribute malware which is not the case here.
 
Don't fret it, it's just an expired security certificate, FireFox does this all the time. Webmasters wil have it fixed quickly if it is a legitimate website.
 
I just got this on Chrome -

Your connection is not private
Attackers might be trying to steal your information from cloudfront-origin.forums.woodnet.net (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
 
They have a couple issues, but likely the main one people hit is this:

The cert they use is for a hostname of "CN = forums.woodnet.net" while the site *can* be accessed also indirectly via a frame on "woodnet.net". This is a problem as modern browsers are "unhappy" any time when they see "hybrid" HTTTP/HTTPS sites like this. It can be made work, but is a pain.

If anyone has issues, you should try accessing the forum directly via its URL:https://www.forums.woodnet.net/index.php

They are definitely struggling with the whole HTTPS thing at the moment, but the cert they use IS VALID. It is just that they seem to have some funky redirections of their web which can cause errors if accessing the site viía indirect means.

These types of issue typically happen when a site that was designed as "HTTP" is enabled for "HTTPS" later on without enough testing. HTTPS/TLS have some special requirements on how you need to design your web for browsers to be "happy".

It not easy - by any sort of imagination - to re-architect an existing semi-complex HTTP site to work well in HTTPS mode. And that is when you know what needs to be done ...

EDIT: From what I checked, these issues on themselves DO NOT indicate any sort of malicious activity on the part of the site.

They just seem to have messed up some upgrade/migration and are likely working full tilt to get it sorted now. Give them time and check in a week.
 
Thanks for all the replies. 

This website used to have a bunch of really knowledgeable members who would share regularly.  I suspect many of them have gone to join the Holy Carpenter. 

At any rate, it is not as informative as it used to be (or maybe I know more and am less impressed).  They seem, as a group, to be Festool-skeptics.  (Mostly skeptical about spending that much money for something that they have lived without for so long.)

But habits die hard and I will go back soon.

So thanks everyone.

Packard
 
This morning, no longer "gone toxic"; now simply "gone". 

I tried several times to reach Woodnet and each time I get a message "Server Not Found".

Maybe they simply closed shop. 
 
People, please GIVE THEM TIME.

They clearly have issues with some upgrade and are actively working on it. This is normal.

The site is apparently not backed by a major company with a proper IT department so until they sort it out they will go up/down several times. Again, this is normal and nothing to fret about.

Disclaimer:
I am in no way affiliated, but this new culture of assuming every single outage must mean some malicious situation is getting old on me fast fast.
If you are not Amazon/Google/Etc. just being "up" 24/7/365 is not to be taken for granted. It takes money/effort or time to stay up. Small independent establishments may simple not have the money/effort option in abundance so everything takes days even weeks at times.
 
You must log in or register to reply here.

Similar threads

P
woodnet.net security certificate??
Replies
5
Views
2K
tsmi243
T
Maximus
**WARNING** UK Dealers To Avoid
2
Replies
31
Views
11K
LJD
L
Back
Top