topic Re: xxxxx.plus.com access issues on mobile in Everything else

xxxxx.plus.com access issues on mobile

offscotland — Wed, 10 Jan 2024 20:05:09 GMT

Just of late I am unable to access my webspace using Chrome and Google on my Samsung S10. When I do a search using Chrome/Google can 'see' the web pages in the search results but clicking any of the pages it goes straight to the plus.net login page.

Typing a vaild internet address with my domain prefix in a whatsapp messge it come back with saying Secure Connection Failed

Re: xxxxx.plus.com access issues on mobile

Townman — Mon, 15 Jan 2024 12:42:08 GMT

This could well be down to smart ass browsers dictating https:// rather than http:// protocols.

Plusnet's web hosting platform does not support https://

It can be argued that if one is not filling in any forms on a website, there is no absolute necessity for https:// however over zealous security folks will put the fear of god into folks about the risks(!) of minimal likelihood events for personal websites (such as traffic interception and content injection aka man in the middle).

If you want to enable https:// for your website, I'm sad to advise that you will need to change hosting providers. Take a look at Mythic Beasts.

Re: xxxxx.plus.com access issues on mobile

Townman — Mon, 15 Jan 2024 12:59:21 GMT

I have just undertaken a reference test on my own little used Plusnet website.

The iPhone browser will not connect to the site, I get SERVICE UNAVAILABLE please try later.

MS Edge will connect to the site as http://

Attempting to connect using https:// flashes up an alarmist warning that someone might be trying to hack this site ... and offers the option to proceed anyway ... but ...

@bobpullen

Choosing to ignore the security warning with https:// then takes me to Multi-award winning UK broadband provider | Plusnet [https://www.plus.net/broadband/home/]

Thereafter if I try to access https://mydomainname... It goes straight to the Plusnet landing page with no warning.

Another test to https://www.myaccount.plus.com gives the usual warning and ignoring it displays the same page. I noted this error message:

This server couldn't prove that it's www.myaccount.plus.com; its security certificate is from homepages.plus.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

Is this intended behaviour?

@offscotland - in passing https://homepages.plus.net/myaccount/ does work but is not likely to be helpful!!

Re: xxxxx.plus.com access issues on mobile

bobpullen — Mon, 15 Jan 2024 14:02:59 GMT

@Townman wrote:

@bobpullen

Choosing to ignore the security warning with https:// then takes me to Multi-award winning UK broadband provider | Plusnet [https://www.plus.net/broadband/home/]

Thereafter if I try to access https://mydomainname... It goes straight to the Plusnet landing page with no warning.

Another test to https://www.myaccount.plus.com gives the usual warning and ignoring it displays the same page. I noted this error message:

This server couldn't prove that it's www.myaccount.plus.com; its security certificate is from homepages.plus.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

Is this intended behaviour?

Whether or not the Chrome behaviour is intended or not, I cannot say.

The certificate mismatch will be an artefact of this (very old) design that was implemented aeons ago to allow partial use of SSL on the Homepages platform (expand the 'How do I use SSL on my Plusnet webspace' section).

I'm guessing removing the certificate from the Homepages platform may help, however that would break any SSL URLs that customers are using on their sites.

Re: xxxxx.plus.com access issues on mobile

Townman — Mon, 15 Jan 2024 14:24:21 GMT

Hi Bob,

Thank you for the legacy material specification.

From what o read around the subject earlier, it seems that some browsers are deprecating http:// as the world evolves to HTTP/2 whatever that implies.

Is the landing on the Plusnet broadband page on accepting the risk something to do with intentional rerouting of the failed https:// request?

Re: xxxxx.plus.com access issues on mobile

offscotland — Mon, 15 Jan 2024 20:14:34 GMT

My website is very simple. I want anyone to be able to type www.myaccount.plus.com in their browser and get to my homepage (index.html) on any browser and/or platform. It doesn't need to be secure as I don't ask for any input. I also let folk know specific pages e.g. details of the boats built in Eyemouth are listed at www/myaccount.plus.com/Boatyards/Eyemouth.htm or find details of my boat with www.myaccount.plus.com/RosDonn/Gallery1.htm.

This seems to have stopped working although I haven't bottomed out the combinations Mozilla/Edge/Chrome on PC or mobile and whether links in Whatsapp and Facebook on all platforms are problematic.

Given that I have not changed my methodology but things seems to have changed I'm guessing that it is something with PlusNet.

With increased use of Whatsapp it is disappointing that these links no longer work but end at a the Plus webpage.

As you say, the use of https://homepages.plus.net/.... works but is a bit of a mouthful to have to use.

By way of an example do a Google search for Duns District RSCDS

One of the results comes up with RSCDS Duns & District but is headed with Plus Net. I'm sure this 'Plus Net' is new and why it now doesn't always work.

Ian

Re: xxxxx.plus.com access issues on mobile

Townman — Mon, 15 Jan 2024 21:58:58 GMT

You might want try this again. I just tried to find the resources I looked at earlier … and do a check on another of my websites which does not have / need https:// on my phone.

Thankfully that worked fine, so I rechecked my Plusnet site and it also worked fine … when it did not earlier.

It would be useful if those encouraging issues with your site can tell you which browsers (including versions) they have issues with. See https://www.tomsguide.com/news/downloading-files-from-http-sites-soon-wont-be-possible-in-chrome-why-it-matters Google is yet again acting like bully boys. There is some possibility that your users’ browsers are FORCING https:// requests when there is zero requirement for such.