XF 1.5 MITM question and going HTTPS

DarkKitarist

DarkKitarist

Member
Hello again good people at Xenforo, I hope you're having a great Sunday evening/morning/afternoon!

Anyway today someone from "Anonymous" (not really anonymous but he referenced himself as such and these times everyone does this apparently) used the MITM hack to change our banner on the website. Now the attacked who later revealed himself as an ethical hacker and a brother to someone on the website who we know.

Anyway is this a sure sign we should go HTTPS? Because the main admin is still adamant we can still stay on HTTP but I kinda disagree...
 
Sort by date Sort by votes
Brogan said:
You should identify the attack vector rather than be looking to switch to HTTPS.

If the attack vector remains, it won't make any difference.
Click to expand...
Apparently there wasn't even an attack. The brother, who I'm guessing is a gigantic man-child, was actually playing with only the packets on the PC of his brother, so none of us actually saw what he saw but we though it was a legit attack.

So again the security of our website is A OK :D

Then again if we have the possibility, should we switch to HTTPS?
 
Upvote 0 Downvote
Brogan said:
That's a personal decision but in general, HTTPS seems to be preferred these days.
Click to expand...
Apologies if this comment takes discussion too far afield from OP.

Maybe this is "apples and oranges." But speaking of HTTPS, the new PayPal-mandated security enhancements have this to say:

IPN Verification Postback to HTTPS
If you are using PayPal’s Instant Payment Notification (IPN) service, you will need to ensure that HTTPS is used when posting the message back to PayPal for verification. After Sept 30, 2016 HTTP postbacks will no longer be supported.
Would this requirement alone — for forums using PP anyway — dictate that upgrade to HTTPS isn't optional?

Thank you.
 
Upvote 0 Downvote
You must log in or register to reply here.
Back
Top Bottom