Thursday, March 30, 2017

ssl

I've re-enabled SSL for the site by using Cloudflare's services. Unless your DNS is stale, like mine is, you should be seeing https in the address and a lock in your browser. :)

Wednesday, March 22, 2017

Site registration

It appears that site registration is mostly broken.

I discovered that the site wasn't sending activation emails, so I found a plugin to bypass that and automatically register new accounts. It partially works in Chrome, but only returns a blank page once the account is created. During troubleshooting, I discovered that other browsers give a javascript and cookie error when trying to register, even when they are enabled in your browser. This error is caused by an anti-spam plugin I'm running, which I have temporarily disabled. Now, the other browsers behave the same as Chrome did. If you create an account, just go back to the main page after the blank page appears, and log in using the new account credentials. I will keep an eye out on spam and may have to re-enable the anti-spam plugin (or find a new one) if this becomes a problem again. I will try to track down the bug with the new plugin. It hasn't been updated in quite some time, after all.

edit: Partially resolved. The system now proceeds to the page that says the activation email has been sent, even though activation is not needed. You can click Log in and proceed from there.

edit2: Resolved! There's a "redirect" option in the plugin, which I sent back to the main page. The original problem turned out to be with the Gmail SMTP plugin I was using for outbound e-mail. Turns out something had happened, and it was failing authentication. I disabled it (for now), so site-wide e-mail is currently not working. Any password resets will need done manually until I get it working again ;)

edit3: site-wide email should work again as well :)

Tuesday, March 21, 2017

CoCo

After a looong amount of downtime, I've resurrected my old CoCo page, including my old CoCo Serial# Database. The database likely needs an update... Maybe move it from a flat file to a MySQL database, and make the entries easily editable.

Monday, March 20, 2017

Letsencrypt

Does anyone know how to get Letsencrypt working with U Host Full? I moved the website over, as my poor little netbook just couldn't keep up, and it just fails when verifying ownership. Unfortunately, I can't use DNS to verify the domain, as I can't add TXT records. If I could, this would be a non-issue.

edit: It appears that it's getting an error: 403 - Access Forbidden. When I visit the URL to validate ownership, it displays fine. When I use wget to access the same URL, I get the Access Denied error. And if I debug the letsencrypt client, it actually shows a bunch of headers that I don't see when accessing it myself. Go figure.

edit2: It looks like U Host Full doesn't like the user agent that wget or Letsencrypt sends be default. Changing it for wget to just "firefox" does the trick, even though "firefox" by itself isn't a valid user agent. I think I can change the client reported by Letsencrypt as well, so I should have ssl enabled soon.

edit3: wget issue resolved, but U Host Full is serving up some javascript to Letsencrypt for some reason. Trying to figure that out.

edit4: The javascript that's being served up is some anti-bot measure that U Host Full has in place. It's also blocking validation for a couple other things I'm working on :/ I've opened a ticket with them, but it looks like I may be looking for a different hosting provider again. Granted, I'm using their free hosting plan, but I don't mind upgrading to their premium hosting, but not unless they prove their serious about securing the web by allowing it to work on their free plans.