| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Support
Forum: Website Support
Thread: my.parked.ru SSL Security Certificate error ? |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 9
|
|
| Author |
|
|
Tromso
Cruncher Joined: Jul 7, 2007 Post Count: 4 Status: Offline Project Badges: 
|
When I logged in and also when I tried accessing the contact page I got the following error message pop-up in my Firefox browser which worried me.
Security Error: Domain Mismatch You have attempted to establish a connection with "stats.su" However, the security certificate presented belongs to "my.parked.ru". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site. Looking at the SSL Server certificate it is issued by Thawte Server CA - issued on 30/07/2007. It has common name and organisation my.parked.ru Serial number: 7B:7C:2A:CB:B0:CC:74:36:7F:D1:F3:E6:5D:D0:EF:9D As I am writing this I have the normal certificate in my browser of Argonne National Laboratory, which looks ok. Surely it can't be right to have a SSL certificate with a name "my.parked.ru" ? What's going on ? I've never seen this message pop-up before while browsing the web. I've not logged on to this website for a long time. I captured the screen showing the certificate details, if you need to know more. |
||
|
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
hmmm, the .ru must be russia. Suggest you read the start here forum post linked below on the subject and obtain a proper one or do a Complete & Clean reinstall from a BOINC download directly from Berkeley or WCG.
----------------------------------------http://www.worldcommunitygrid.org/forums/wcg/viewthread?thread=14222 For the above part, at least, if you use bOINC, you shouldbe save on the crunching side. The browser certificate, i suggest delete and clean out your browser and cookie cache and see if it repeats linking up to WCG with your browser. Added: Yes an oogle brings up a russian site. Either you are there or you browsed there. http://www.google.com/search?q=my.parked.ru&a...cial&client=firefox-a
WCG
----------------------------------------Please help to make the Forums an enjoyable experience for All! [Edit 2 times, last edit by Sekerob at Sep 20, 2007 1:13:07 PM] |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
I see what happened. World Community Grid use Coremetrics for analysing their website usage. The URL is stats.surfaid.ihost.com and it appears right at the end of every web page.
Unfortunately, something happened to the web page (presumably it got cut off) and all that was left was stats.su which is a cybersquatter domain owned by parked.ru (and it was their certificate that failed to match). This is a chance in a million. I don't think it will happen again. |
||
|
|
Tromso
Cruncher Joined: Jul 7, 2007 Post Count: 4 Status: Offline Project Badges:
|
Thanks for the replies.
I've reinstalled BOINC using latest 5.10.20 version and rebooted my PC. I still got the certificate error. I also tried using the suggested ca-bundle.crt. file. I get the error when starting my browser via BOINC, or independently on this site. I still get the error even after clearing out all unknown cookies, cache, Authenticated sessions and browser history. I'm not in Russia. I don't remember visiting a .ru site, though it's quite possible I got redirected to one after a typo error in a web address sometime. I am using the very popular noscript addon to Firefox, which I normally have to block the use of javascript on a web page. As the login button for this site uses javascript I have to temporarily allow it. I found I still got the error even when I made noscript whitelist this site and restarted the browser. I suppose it is possible noscript could still be interrupting some javascript though as I only whitelisted worldcommunitygrid.org, not ihost.com or google-analytics.com which noscript gives as options to allow for this site. Using Internet Explorer I don't get any problem reported. I've only found the problem with this site. I'm wondering if there is still something I should try to find and clean from my browser, though don't know where else to look. It only seems to be this site and I get an error message that I can just cancel to refuse the certificate, so I suppose I don't need to worry. |
||
|
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Sekerob's advice was wrong, reinstalling BOINC will make no difference.
Yes, your noscript plugin is probably causing the problem. In case you didn't follow my earlier post, the URL that is causing the problem is stats.surfaid.ihost.com - this is the ihost.com script. For some reason, your noscript plugin is mangling it and only reading the first 8 characters: stats.su. By coincidence, this is a valid URL, and that site has a certificate error. |
||
|
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
In Firefox 2.0.0.7 there is the Options and the Advanced tab which has a tab 'Encryption' (or whatever its called in inglese). A button there left below says View Certificates. Have a look there if you were stung permanently.
----------------------------------------As For Noscript, you can tell which site Java is allowed permanently or by-session. The latest versions even allow permanently redirects and off-site links blockages, so you wont be reminded. I'm on 1.1.7.2.
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
|
Tromso
Cruncher Joined: Jul 7, 2007 Post Count: 4 Status: Offline Project Badges:
|
> Didactylos
Yes I understand, it does seem to be noscript causing the problem. I was just trusting the worldcommunitygrid.org in noscript, but temporarily allowing the ihost.com in noscript, did not give the error any more. >Sekerob Ah thanks, so that's where the certificates are hiding. There were several Thawte certificates under the Authorities tab. They all seem normal. The error seems to be because this 3rd party site has a certificate with an error that noscript was accidentally connecting me to. I am using Firefox 2.0.0.7 and noscript 1.1.7.2. In noscript I could see in the options under Appearance there are now "Full Domains" and "Full Addresses" options which can be turned on the contextual menu. Just trying these it did turn options to Allow/Temporarily Allow surfaid.ihome.com stats.surfaid.ihome.com and https://stats.surfaid.ihome.com I've not bothered testing those, but at least there was no mysterious stats.su option ! I was originally concerned that there might be some man in the middle attack involving certificates with an SSL connection, but it just seems an obscure noscript error. I'll email the noscript author to let him know, but it is probably not worth taking further unless he is hearing similar problems with other sites. Thanks for both your help and well done on spotting the stats.su problem. |
||
|
|
Sekerob
Ace Cruncher Joined: Jul 24, 2005 Post Count: 20043 Status: Offline |
Simply add the ihost and google.analystics to the forbidden list and no fix is needed.... it's the reason others may not have come across it, but surely worth alerting the author. Who knows it was just a total fluke for that to happen, but as it is these cybers-quatters do choose names so mishaps or typos will lead to them. It's also worth reporting to Mozilla (on the help menu of Firefox is an option) as they'll be interested in how the quirk could have come about.
----------------------------------------Sorry, did not want to misdirect you, but ensuring BOINC is whole was the first thought I had.
WCG
Please help to make the Forums an enjoyable experience for All! |
||
|
|
Tromso
Cruncher Joined: Jul 7, 2007 Post Count: 4 Status: Offline Project Badges:
|
I've sent the "Software development & support" contact mentioned in the noscript site an email report and link to this thread. They can investigate further if they want to.
I did not know ihost.com was IBM when first seeing this. Usually I only allow the main site in noscript when I have to let it allow something, but it's not a problem allowing these other things if they are legitimately to do with this site. It was just seeing this puzzling certificate error in an SSL connection that worried me, now it's explained I'm happy. Thanks ! |
||
|
|
|