Find the answer to your Linux question:
Page 2 of 2 FirstFirst 1 2
Results 11 to 15 of 15
Originally Posted by gregm ... Of course this depends on whether the people accessing your site choose to trust you. You can get fully valid and signed certificates from here: ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,906

    Quote Originally Posted by gregm View Post
    ...
    Of course this depends on whether the people accessing your site choose to trust you.
    You can get fully valid and signed certificates from here: https://www.startssl.com/

    They only last for a year, but they're free, and easy to renew. If you're trying to be secure about this, then generate the public/private key pair yourself and submit the cert for signing using a PKCS#10 block - that way the signing service only ever sees your public key, nobody but you will have your private key.
    Linux user #126863 - see http://linuxcounter.net/

  2. #12
    Just Joined! KenWeiLL's Avatar
    Join Date
    Jan 2014
    Location
    Philippines
    Posts
    10
    Quote Originally Posted by Roxoff View Post
    With that in mind, then perhaps the best solution would be to try and host your website somewhere else, somewhere other than in the Philippines? If you had a host and an IP address in another territory, then others could connect, and only accesses from inside the Philippines would suffer from any kind of injection?
    I don't want to host websites anywhere in the Philippines. Hosting websites here in the Philippines is very costly. It's much cheaper to host on, in my case, Namecheap than to host here in the Philippines.

    Only the visitors from the Philippines connecting via Globe Telecom mobile internet are affected on the injection. Other connections, not via Globe mobile, are not affected.

    @gregm
    I used to have https enabled before when my website was hosted on Hostgator. They offer 1 free SSL certificate per hosting account. I transferred my websites from HG to Namecheap after Hostgator was bought by EIG. After EIG bought it, there have been a lot of downtimes. And their customer service went unresponsive, taking at least a week or two before you'll get a response. Well, I don't like downtimes and so I migrated to Namecheap.

    Namecheap doesn't have that free SSL. Also, I've noticed before that website with https enabled seems to load slower compared to that with http only. Load times affects SEO as well.

  3. #13
    Just Joined! KenWeiLL's Avatar
    Join Date
    Jan 2014
    Location
    Philippines
    Posts
    10
    I'm currently browsing via Globe mobile internet and javascript injection is still present when opening http sites.

    Here's the code injected to websites. This code was different than before.

    Code is found on w w w . kenweill.com/linuxforums/javascriptinjection.txt saved as text file.

    I tried to attach the code in here via code tags but it doesn't work.

    As with the text file, it's like it was pasted twice but it's not. I don't know why it's doubled when viewed on browser. Probably because of CloudFlare enabled on my website.

  4. $spacer_open
    $spacer_close
  5. #14
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,906
    That script seems to point at mywebacceleration.com, at the host toolbar.mywebacceleration.com.

    Would it help you personally if you pointed that address at an inert site (say, localhost) using an entry in your local /etc/hosts file? That way your browser wouldn't go reading scripts off that site? You might even be able to blacklist the site using your cross-site scripting protection settings either in your browser or in a browser plug-in.

    Interestingly - from here I can't get a web response from www.mywebacceleration.com or toolbar.mywebacceleration.com. It's a really crap accelerator if all it does is hold your browser up because it doesn't respond to your web requests...
    Linux user #126863 - see http://linuxcounter.net/

  6. #15
    Just Joined! KenWeiLL's Avatar
    Join Date
    Jan 2014
    Location
    Philippines
    Posts
    10
    Last night, I thought it was double posted due to CloudFlare. I didn't realize that the ISP injected the code itself on a txt file since I'm viewing from Globe mobile last night.
    It's not double posted when viewed on different ISP.

Page 2 of 2 FirstFirst 1 2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •