
Server move, SSL connection

Posted: 09 Feb 2019, 21:25
by ividyon
Hi guys,

just letting you know (if you didn't notice the downtimes yesterday) that the website has now migrated to another webhost.

One of the upsides of the move is that we are now finally using the HTTPS protocol, following web security standards that were set years ago.

Besides that, there should be no particularly exciting changes that are visible to you directly.

Let me know if you experience any sudden unusual problems!

- ivi

Re: Server move, SSL connection

Posted: 10 Feb 2019, 16:46
by Sat42
Good move! No more silly security warnings when I want to log in to the site :)
No new problems

Re: Server move, SSL connection

Posted: 12 Feb 2019, 20:39
by Diego96
Are PMs working? I get the 504 Gateway Time-out error.

Re: Server move, SSL connection

Posted: 13 Feb 2019, 01:30
by Dr.Flay
Grade A cert and configuration
https://www.ssllabs.com/ssltest/analyze ... realsp.org
The host is not using DNSSEC or has not configured it properly
https://dnssec-name-and-shame.com/domai ... realsp.org

Re: Server move, SSL connection

Posted: 13 Feb 2019, 13:03
by ividyon
Thanks! Sadly the DNSSEC thing seems to be out of my hands, as that appears to be something that's configured on the side of the nameservers, which I do not provide, but rather just use. I have opened a ticket with my domain registrar to ask about it, though.

Diego96 wrote: Are PMs working? I get the 504 Gateway Time-out error.

I have gotten several of those reports now; I will have to look closer into this.

I believe that your PMs will get sent off anyway, even though your browser gets stuck. Can you confirm?

Re: Server move, SSL connection

Posted: 13 Feb 2019, 13:13
by UB_
I had two ppl sending me PMs and both sent three each, so yeah there's a bug.

Re: Server move, SSL connection

Posted: 13 Feb 2019, 13:38
by ividyon
Unrelated to the 504 issue, but I'm now preparing to employ CloudFlare to use some of their features, as well as their nameservers, as these seem to comply with DNSSEC.

While I'm somewhat of an amateur in this field of DNS and protocol security, I'll try to set it up in a way that continues to use my own SSL certificate, as I've seen some security/privacy concerns about the platform.

Re: Server move, SSL connection

Posted: 13 Feb 2019, 22:20
by Dr.Flay
Such a pain, but unless you admin the actual host systems, DNSSEC is something you have to hope for, as generally it is out of your hands.

Yeah, using Cloudflare can add DNSSEC, but I'm still not seeing many sites using it that do use Cloudflare. This puzzles me since CF did say they were rolling it out as standard.
Possibly it is a host configuration issue.

On 1 level this site is at low risk of spoofing, but as the amount and effectiveness of attacks on DNS is escalating, it is best to use DNSSEC if you can, though don't worry about it too much.

Agreed with using your specific cert.
The way CF are minting certs with loads of unrelated sites included leaves domains open to abuse if 1 of those sites is compromised.
It makes a mess of domain validation if the cert for someone else's site also works on yours.

Unfortunately, as you have noticed, due to the low uptake of this old standard there is not so much in the way of guides and tutorials.

Re: Server move, SSL connection

Posted: 14 Feb 2019, 14:43
by ividyon
DNSSEC is now enabled for unrealsp.org. The "Name and shame" tool above still continues to report that it's disabled, but both my registrar and CloudFlare, as well as this link, say it's on. :)

EDIT:

The name-and-shame tool has now also updated to stop shaming. That website concept is very weird in itself, but okay...

Re: Server move, SSL connection

Posted: 19 Feb 2019, 03:07
by Dr.Flay
It must have been a delay in DNS replication.

Well, I believe congratulations are in order, and a round of drinks!
It is highly likely, e.g. 99.99% certain, that this is the very first site in the Unreal universe to be correctly using DNSSEC \o/
Even Epic epic fail https://dnssec-analyzer.verisignlabs.co ... cgames.com which makes having a green padlock pointless.

As more people are moving over to DNS such as 1.1.1.1, 9.9.9.9 and 8.8.8.8, those users are now finally protected against spoofing.
I imagine most existing Unreal and UT players are using 1 of these faster DNS anyway, but now we just need for ISPs to also.... ah... yes... ISPs doing something they are not forced to, or generates money...

OK, at least anyone that has manually changed DNS settings should be protected anyway.