Security problem on your site http://forum.libreelec.tv

tpreissler · April 16, 2016 at 11:10 AM

Hi,

first of all, many thanks for LibreELEC (many thanks for OpenElec too!). I enjoy it on a number of devices.

I just came across your site had a look around and noticed the following issues:

* I noticed you advertize XML-RPC, which is considered harmful - at least with WP based sites: WordPress Sites Leveraged in Layer 7 DDoS Campaigns
* Also, there is no https:// , login to this form is via http:// -- this is quite bad, as login details are unencrypted. Verified with httpFox in FF.

Just to reiterate, I have not done any scanning of your site, just used a browser (and "view source").

Anyway, keep up the good work with LE, when the final is out, I definitely will give it a spin. (I kept misreading LE as "Let's Encrypt"... haha)

Cheers

Thomas

tpreissler · April 21, 2016 at 1:24 PM

Hi guys,

you could use Let's Encrypt certificates, they are free and work just fine.
The original Let's Encrypt client is a bit of a biest, I would recommend using acme-tiny GitHub - diafygi/acme-tiny: A tiny script to issue and renew TLS certs from Let's Encrypt instead.

Regards

Thomas

**CvH** · April 21, 2016 at 7:28 PM Official Post

we have a look tx