Security Warning

7 years 6 months ago #181728 by jwall101
Hi.

I've got a temporary Wordpress holding page in place while I develop the Joomla/CB site and, after making the DNS changes I'm not getting the following message:



Security Warning
Warning! Webmin has detected that the program (site url) was linked to from an unknown URL, which appears to be outside the Webmin server. This may be an attempt to trick your server into executing a dangerous command.
If your browser does not send the Referer header needed, you can turn off this check as follows :

Login to Webmin normally.
Go to the Webmin Configuration module.
Click on the Trusted Referrers icon.
Check the Trust links from unknown referrers box, and click Save.
Alternately, you can configure Webmin to allow links from unknown referers by :

Login as root, and edit the /etc/webmin/config file.
Find the line referers_none=1 and change it to referers_none=0.
Save the file.

Apart from not being able to find the Webmin Configuration which I believe is a server setting and so outside of my scope, I don't know how to rectify this. The site should be live even though it's not a Joomla site at present.

Any help would be most graciously received. Thanks all for CB and all that it means - I've spent the past few weeks really investing time and money into it and I feel it's paying off dividends.

Jonathan
7 years 5 months ago #185184 by Margaret
When logging in to my Eircom Email Account I get the following:
"Although this page is encrypted, this information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"
I have searched the problem on the Web and found all sorts of comments and advice - some of it contradictory.There have also been some postings on Mozilla Forums but no resolution.
The most likely explanation (which I don't fully understand as I am a relative PC novice) I have found is this
" the login form submits to a javascript. The javascript does some setting of form variables and such depending on the page you're logging in from, then submits the login form. It turns out that Firefox, because it doesn't know exactly what the javascript is going to do on the client side, has to assume that the javascript is submitting the form data to an unencrypted page."
Even though that isn't the case here, that's where the popup message is coming from.
It seems that there is no security risk ( I hope!).
My two basic questions are
1/ Is the problem with Firefox or with this particular login Webpage? (I don't get the warning when logging in in other secure pages)
2/ HOW DO I GET RID OF THIS WARNING. All of the many suggestions I have tried have failed - Tools/Options ; about.config ; security.warn settings etc. etc.
7 years 5 months ago #185196 by beat
Margaret,
If that is on our hosting, webmail is by https, and if your domain does not have a valid cartificate (and a dedicated IP address needed for a SSL certificate) you will be getting that warning.
To not get a warning, use the alternate webmail address as received in your setup email. Login is same.
If you have any questions, please login on our hosting portal and open a ticket there, so that we can help you with exact information (as it depends on your hosting).

Jonathan,
I just saw your post above, but I think i saw same in our hosting ticket support, around a month back too and believe it is solved issue. If not, please open a ticket on our hosting. It is a security feature of webmin, and by adding an alias virtual server with another domain name, you can access fully.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Moderators: beatnantgcorbazkrileon
Time to create page: 0.397 seconds
Facebook Twitter Google LinkedIn