A member contacted me today regarding the Peugeot206CC Forum (http://www.peugeot206cc.co.uk/index.php), with concerns that they are still using the old insecure unencrypted HTTP protocol instead of the HTTPS SSL protocol.
Their site in its current configuration means that any and all data transmitted and received to and from the Peugeot206CC Forum is unencrypted and therefore easily intercepted. So any passwords and login information could easily be stolen as well as the content of any other information so exchanged when posting for example.
As there are no obvious admin contact details without joining - something the member did not want to do obviously, he wondered if there were any members of the FCF that were also members of the Peugeot206CC Forum, and if so, whether they may wish to contact the administrators to point out the site vulnerabilities and that their members details are at risk.
Although it is the responsibility of the Peugeot206CC site owners to secure their own forum, I said I'd put this issue into our OTCL section in case there are any members of the FCF that are also members of the Peugeot206CC forum who can express their concerns directly to their Mods / Admin team.
It was also pointed out that even access to an online repair manual locked down on the main page for 'members only' is easily accessible by simply entering the address directly.... so this shows the site is not very secure at all:
I think in the interests of general user safety and concerns we've done our bit by pointing it out here, so I'm only leaving this topic open for a week or so then it will be deleted along with any replies.
This is the place for posts that don't fit into any other category.
Messages: 2 • Page 1 of 1
- (Donor 2020)
- Posts: 5821
- Joined: 07 May 2009, 16:24
- x 942
Further to what Marc has said, if you are a member of the Peugeot206CC Forum and use the same login name and/or password on any other site then it is open to inspection and harvesting. I'd advise changing passwords anywhere else that you use these details.