New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
LowEndBox newsletter domain cert expired long time ago
I've always been curious about some detail of LowEndBox's newsletter, and since a new one just came in (about the $1 VPS providers), I'm just gonna ask here. In the mail there are links that redirects to lowendbox.com, and they are like this: http://newsletter.servicewebconnect.com/l/XXXXX.
- Why use plain HTTP? Some ISP might do MITM with plain HTTP and redirect them somewhere else. Modern browsers also tend to warn about insecure connection and stop the navigation.
- If I manually change
http://tohttps://, well, the HTTPS certificate this domain is using expired on Xmas eve of 2021. So why is LEB not using automated LE certs for HTTPS? I'd assume newsletters are an important part of promotions, so that's kind of strange.
Comments
I think the odds of a MITM by the ISP are low, but definitely no reason not to use HTTPS these days.
The Sendy login also isn't secure...
We encountered MITM by ISP in the past.
They were inserting affiliate tracking ID in Amazon links.
After we complained, they stopped in a week.