Peugeot206CC Forum

This is the place for posts that don't fit into any other category.

Moderator: RichardW

Post Reply
User avatar
GiveMeABreak
Forum Admin Team
Posts: 37005
Joined: 15 Sep 2015, 19:38
Location: West Wales
My Cars: C3 Aircross SUV HDi Flair Peperoncino Red (The Chili Hornet)
C5 X7 2.0 HDi Exclusive Mativoire Beige (The Golden Hornet)
C3 1.6 HDi Exclusive Aluminium Grey (The Silver Hornet)
C5 MK II 2.0 HDi Exclusive Obsidian Black
C5 MK I 2.0 HDi SX Wicked Red
Xantia S2 2.0 HDi SX Hermes Red
C15 Romahome White
XM 2.0 Turbo Prestige Emerald Green Pearlescent
XM 2.0 Turbo Prestige Polar White
XM 2.0 SX Polar White
CX 20 Polar White
GS 1220 Geranium Red
CX 2.4 Prestige C-Matic Nevada Beige
GS 1000 Cedreat Yellow
x 5646

Peugeot206CC Forum

Post by GiveMeABreak »

A member contacted me today regarding the Peugeot206CC Forum (http://www.peugeot206cc.co.uk/index.php), with concerns that they are still using the old insecure unencrypted HTTP protocol instead of the HTTPS SSL protocol.

Their site in its current configuration means that any and all data transmitted and received to and from the Peugeot206CC Forum is unencrypted and therefore easily intercepted. So any passwords and login information could easily be stolen as well as the content of any other information so exchanged when posting for example.

As there are no obvious admin contact details without joining - something the member did not want to do obviously, he wondered if there were any members of the FCF that were also members of the Peugeot206CC Forum, and if so, whether they may wish to contact the administrators to point out the site vulnerabilities and that their members details are at risk.

Although it is the responsibility of the Peugeot206CC site owners to secure their own forum, I said I'd put this issue into our OTCL section in case there are any members of the FCF that are also members of the Peugeot206CC forum who can express their concerns directly to their Mods / Admin team.

It was also pointed out that even access to an online repair manual locked down on the main page for 'members only' is easily accessible by simply entering the address directly.... so this shows the site is not very secure at all:

Example:

http://www.peugeot206cc.co.uk/repair-206/

I think in the interests of general user safety and concerns we've done our bit by pointing it out here, so I'm only leaving this topic open for a week or so then it will be deleted along with any replies.
Please Don't PM Me For Technical Help

Marc
User avatar
Paul-R
Donor 2023
Posts: 6916
Joined: 07 May 2009, 16:24
Location: Wirral, NW England; Vaucluse 84, France
Lexia Available: Yes
My Cars: 2015 1.6 Blue HDi 120 Peugeot 308 Active SW
2013 2.0 HDi 163 C5 Exclusive Tourer
2003 2.0 HDi 110 C5 Exclusive Estate (Gone)
2001 2.0 HDi 90 Xsara Estate (Gone)
x 1369

Re: Peugeot206CC Forum

Post by Paul-R »

Further to what Marc has said, if you are a member of the Peugeot206CC Forum and use the same login name and/or password on any other site then it is open to inspection and harvesting. I'd advise changing passwords anywhere else that you use these details.
As I get older I think a lot about the hereafter - I go into a room and then wonder what I'm here after.

Inside every old person is a young person wondering what the hell happened.

"Trying is the first step towards failure" ~ Homer J Simpson​
Post Reply