Gamependium.com security warning?

grenadier · December 2020

Anyone know what is up with gamependium.com? They're throwing a security warning in Chrome warning that the page may have been hijacked.

cooperbigdaddy · December 2020

I saw that too, so I'm scared to update my roster on there.

LFChikarason · December 2020

It goes down every 3 months or so, it's a bummer

DAZ0273 · December 2020

Yeah this is why I stopped updating my roster on there too.

XandorXerxes · December 2020

Gamependium has always been resistant to using proper security certificates. It resisted using them for the longest time, and now it doesn't maintain it that well.

The error I'm seeing is: NET::ERR_CERT_DATE_INVALID and if you click advanced it tells you a pretty self-descriptive statement - "This server could not prove that it is mpq.gamependium.com; its security certificate expired 13 days ago."

I'm going to be a little liberal with my terminology because it makes it easier to explain, so for those of you who know this stuff feel free to jump on me but I promise I'm doing it intentionally:

Certificates are a server's way of saying "I am the server you want to connect to and not a different one." When you request a certificate from a certificate authority, you have to set an expiration. Shorter is technically better from a security perspective because it means you're essentially validating yourself more often. In this particular case the owner of gamependium has decided not to re-validate before his certificate expired (by almost two weeks it looks like). In terms of security problems this one is really mild. What you REALLY want to watch out for is when the certificates don't match - e.g. you get a warning when going to google.com that the certificate is for somethingelse.com, because that's indicative of someone trying to compromise your traffic (there's probably another underlying issue, too).

I don't endorse using sites that are slack on their security, but if you'd really like to use Gamependium I wouldn't be too worried about this particular problem from a security perspective. Given that it's the holiday season I wouldn't expect the owner to fix it until January since it's not already taken care of.

LFChikarason · December 2020

DAZ0273 said:

Yeah this is why I stopped updating my roster on there too.

Other than just a spreadsheet or nothing, are you using something else?

DAZ0273 · December 2020

LFChikarason said:

DAZ0273 said:

Yeah this is why I stopped updating my roster on there too.

Other than just a spreadsheet or nothing, are you using something else?

Nope and I miss it. Updating my roster would be quite a chore too given how out of date I am.

Loosie · December 2020

I’m using a spreadsheet. Where I’m at with my roster it’s easier. And I can also keep track of shards and feeders

JFisch · December 2020

The owner of Gamependium used a free SSL certificate service. The pro: free! The con: expires in 90 days. Depending on your browser, you can get around it and, so long as your account password isn't a shared one, there wouldn't be much compromised.

Except...

Well, it expired in September and if you try to go around it, the hostname is invalid as well. So I'm about 99% convinced Gamependium is dead now.

Cymmina · December 2020

I am the owner of Gamependium. The reason behind delayed certificate renewal is complicated: the short story is that it has to be done manually every time it expires. I'm not the administrator of the server and do not have root access, so I have to make a request every time it needs to be done. It doesn't help that the "your certificate is expiring today" email for the certificate arrives about 2 hours before it actually expires.

The reason it hasn't been updated this time is because the certificate provider I had been using has done a bait and switch. They changed over all their stuff several months ago and now there's a limit of 3 free certificates.

Since I don't make any money off of any content on the server, it's hard to justify paying for certificates when the content isn't actually important enough to be secured from eavesdroppers. The server admin and I don't have time to go through the hoops of manually renewing certificates, since we've moved on to playing other games.

The plan is to remove the certificate requirement (and there redirect from http to https) so that you can still have access to the content soon(tm).

Reecoh · December 2020

Cymmina said:

The server admin and I don't have time to go through the hoops of manually renewing certificates, since we've moved on to playing other games.

Can your admin use Let'sEncrypt? It's free and has an auto-renew bot that works like a charm.

Or maybe consider finding a new owner to take it over?

jkzl · January 2021

"Free"
"Free Forever"
"You have reached the maximum number of certs on the free plan"

FREE

FOREVER

(or maybe just for 30 months or less)

gotta love people. just know that we appreciate the time/effort/work that you put into this @Cymmina

grenadier · January 2021

Looks totally dead now, sadly.

jkzl · January 2021

For those that haven't tried it, you can just take the S out of https:// and the site is operational.

http://mpq.gamependium.com/

-instead of-

https://

grenadier · January 2021

Thanks for the tip. Didn't even realize I had the secure protocol on my bookmark.

LFChikarason · January 2021

Twice I went in to update my roster and twice it didn't save, it timed out very quickly. Sadly, I think I'll just stick with my spreadsheet

StormDragonE55 · January 2021

I can't seem to access my roster even without the secure protocol. Every time I try to sign in it tells me my account doesn't exist. Oh well. I totally stick when I comes to spread sheets. I'm going to be guessing from here on out.

grenadier · January 2021

Guessing that since they no longer support https, that anything require a secure connection, such as logging in, is broken?

Gamependium.com security warning?

Comments

Categories