Back online - thanks for your patience!

A security issue was identified and in efforts to remedy it, technical issues were experienced causing the forum to be down and then restricting members from signing in. Resolving the matter was made high priority, but unfortunately took longer than hoped to correct. We are happy to be back online, with the chatroom also up and running. A few loose ends still need to be worked out but the worst should be behind us!

Thanks for hanging in there these last couple of days, and welcome back y’all!


im glad things are up and running again. And yes chat is up and running again :slight_smile:


Chat is not fully functional, yet. PMs seem to have stopped working.

Were you unable to edit the homepage? As the outage extended past 24 hours it was the lack of any notice on the homepage, which was still accessible, that had me worried. Made me think something more permanent might be going on.

1 Like

This is a valid point, @DrBB. I am uncertain if a homepage edit was available to us; I don’t think it was. We could have communicated better and we’ve learned from this. We will try to do better in the future. Fortunately, this kind of event has not happened very often. Thank-you for offering this perspective; it’s important.

1 Like

chat applet is gone now, i think it would appropriate for someone from upper management explain what is going on other than “security issue”

@Philmore, I’ll do my best to explain based on what I know. Please keep in mind that I am not an IT person.

Our sign-in function was amended to include a Facebook login option. When that was done, coding resulted in a change of the forum’s domain from https to www. Www is considered insecure. Users were getting warnings about logging into our site.

Subsequently, members on our admin team received “lockout” messages which were determined to be a scam.

IT professionals were dispatched to address this issue. In efforts to resolve this, some coding issues from our extensive migration from Ning were uncovered. This extended the time it took to correct the matter. Beyond this it gets more technical than I can properly speak to.

The site has returned to one with https in its domain and is again secure.

1 Like

Formerly, TuD was using HTTP (HyperText Transfer Protocol). Now they are using HTTPS (HyperText Transfer Protocol Secure)

By using HTTPS, the communication between your browser and the web server is encrypted so that no one in between can read it. This helps keep your communication safer.

There may have been other changes that were made, but the switch to the secure protocol was the most obvious.

As you can see here, they are still not setting both the Secure and HttpOnly flag for all cookies, which would be preferable if the cookie does not need to be accessed by any legitimate JavaScript.

And as I mentioned here, they should also eliminate support for TLS v1.0.