Website loading with SSL error (on Firefox, RX too long, on curl, wrong version number)
Edit: Sorry, Enter submitted the form without a description :smile:
curl https://pldb.com
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I tried on 2 different machines.
Maybe http could be left available, and not provide the redirect (so we can still use the site when https isn't available).
Second edit: Removing the redirect headers, those appear to come from my ISP.
Ok, apparently Comcast/Xfinity has pldb.com flagged as a problem with their "xFi Advanced Security", and must have been MITM'ing the SSL site even (causing bad checks on the SSL cert, good job curl and Firefox for detecting).
https://forums.xfinity.com/conversations/your-home-network/please-help-xfi-is-blocking-my-safe-work-website/608084d16346df7a82b774df?commentId=6081970043a1b761d4e7c7bc
has a simple instruction to fix this for other Xfinity users.
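An added illustration, not part of the original thread or the pldb project: both errors in the issue title are what a TLS client typically reports when the first bytes it receives on port 443 are plaintext HTTP (such as an injected redirect) rather than a TLS record. The sample byte strings and the `blocked.example` hostname are constructed, not captured from pldb.com or any ISP.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 16384 + 2048  # largest ciphertext fragment in a TLS 1.2 record

def parse_record_header(data: bytes) -> dict:
    """Interpret the first 5 bytes the way a client's TLS record layer does."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "major": major, "minor": minor, "length": length}

def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'plaintext-http' or 'unknown' for a server's first bytes."""
    hdr = parse_record_header(data)
    looks_tls = (hdr["type"] in CONTENT_TYPES and hdr["major"] == 3
                 and hdr["minor"] <= 4 and hdr["length"] <= MAX_RECORD_LEN)
    if looks_tls:
        return "tls"
    if data[:5] == b"HTTP/":
        return "plaintext-http"
    return "unknown"

def explain(data: bytes) -> list:
    """List the record-layer checks that fail for these bytes."""
    hdr = parse_record_header(data)
    problems = []
    if hdr["major"] != 3:
        problems.append("wrong version number")  # wording curl/OpenSSL uses
    if hdr["length"] > MAX_RECORD_LEN:
        problems.append("record too long")       # wording Firefox/NSS uses
    return problems

# Constructed samples
TLS_SERVER_HELLO = bytes.fromhex("160303007a") + b"\x02\x00\x00\x76"
HTTP_REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: http://blocked.example/\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("tls", TLS_SERVER_HELLO), ("http", HTTP_REDIRECT)]:
        print(name, classify_first_bytes(sample),
              parse_record_header(sample), explain(sample))
```

Read as a record header, the ASCII bytes `HTTP/` give version 0x54.0x54 and a length of 0x502F (20527), so both checks fail on the same response.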
Oh wow, thanks @ahungry for investigating and getting to the bottom of that! Someone else reported something similar so thanks for finding the cause and sharing.
I think it's a good point though to have ready to go alternatives. Once I get the build running faster, I can probably hook up a GitHub workflow to build the site to a backup alternative domain as well.
Hi Breck (@breck7),
I checked the certificate with Qualys SSL Server Test here and everything looks fine. The only thing that is odd is that the server hostname is not being returned (bottom of the page).
On VirusTotal, only one detection engine (Webroot) gives the domain a malicious rating because of spam URLs. This may be the source of the false positive rating on Xfinity. The server IP address, 165.232.147.152, (from DigitalOcean) is given a clean bill of health.
Kind Regards, Liam
This domain name itself seems to have a long history:
http://web.archive.org/web/20220801000000*/pldb.com
So I'm guessing one or more of the past owners had less than reputable content/redirects at one point.
Xfinity link I mentioned has a link in the comment thread there with some direction on how to apply to be removed from the list (I didn't file such a request, I just disabled my "xfi Advanced Protection" :smile: )
Maybe I'll re-open this ticket in case you want to ensure someone takes the time to get back on a reputable standing (or perhaps aim for a different domain, pldb.github.io maybe? Or something like proglangdb.com ? (didn't check if it's available)).
If not, feel free to close it again though.
Very interesting. Thanks @celtic-coder and @ahungry for the research! We're going to stick with pldb.com :).
> Xfinity link I mentioned has a link in the comment thread there with some direction on how to apply to be removed from the list (I didn't file such a request, I just disabled my "xfi Advanced Protection" 😄 )
This could be a good todo item at some point!
This is still only affecting a small percentage of users, but lots of people are now reporting this.
Can confirm. I tried on both Chrome and FF with HTTPS everywhere enabled. ISP is Spectrum in NYC.
I appreciate the passion for the domain you acquired (it's hard to get a small domain!), but I wonder if instead of trying to undo 20 years of bad behavior the domain may have partaken in (among many providers) you may have an easier time treating pldb.com like how duckduckgo.com has ddg.gg as a short domain.
Something like:
- proglangdb.com (main site, although check first for clean history :smile: )
- pldb.com (301 or 302 redirect to main site)
Then you can still encourage users to use pldb as the "face" of the project, but have a reasonable workaround for users who hit a snag (just visit the full domain)
Hi @ahungry, thanks for the feedback! I realize you don't have access to the same information I do about the domain pldb.com. While I did straight out buy cancerdb.com and braindb.com, I was not able to buy pldb.com but signed a perpetual lease of pldb.com from venture.com. (Equivalent to buying the domain for 20 years for about $50,000 with the benefit that if this was a flop I would have only had to pay $200 to Venture.com for 1 month's use). So I obviously value the domain highly and have made a big bet on it.
People love the domain name (at least, the majority do as only a small % are having this issue). So it's worth it to us to instead do whatever grunt work we have to do to have those ISPs fix their problems. Thank you very much for your research. Thanks to your link (http://web.archive.org/web/20220801000000*/pldb.com), I was able to see that the domain has never been used for anything nefarious, and that this is a mistake on the part of the ISPs. So we will get them to fix it on their end.

Does this make sense? I don't know, maybe you are right and I'm thinking about this wrong.
I'm just a passer-by, this is your endeavor, so take any of my feedback and ideas with a grain of salt :smile:
They (my comments) are only approaching it from a technical/usability point of view and concern, with no regard to the business/sunk cost aspect.
I wish you the best of luck in clean up with the various providers and your project.
Btw, tangent: That dashboard is pretty spiffy - is that a built in nginx thing, an nginx module, or something distinct like awstats?
Oh I love the dashboard!!! It's this open source thing called GoAccess (https://goaccess.io/). I think @allinurl https://github.com/allinurl makes it.
My favorite part of each day is when I get a coffee and some free time and I get to sit down and learn more about what it can do. Amazing stuff.
Forgot to tag you in that last comment @ahungry !
Thanks for all your help!
On Chrome Android
Another report (https://www.reddit.com/r/ProgrammingLanguages/comments/10dfzhn/comment/j4lonsn/?utm_source=reddit&utm_medium=web2x&context=3):
FYI, I get an SSL certificate error from the site.
| Error code: SSL_ERROR_RX_RECORD_TOO_LONG
I'm running on Firefox 102.4.0esr (64-bit) on Debian.
The domain is now "pldb.io", so I'm assuming this one is fixed.