Security warning in bottom right-hand corner of page


Latest News Forums Site technical issues and feedback Security warning in bottom right-hand corner of page

Viewing 18 posts - 1 through 18 (of 18 total)
  • Author
    Posts
  • #71801 Reply
    Twirlip
    Guest

    Using Firefox 89.0 (I saw the same thing when using the previous version, which I think was 88.0.1), I see this message at the bottom right-hand corner of each page of the website:

    “Firefox Can’t Open This Page

    To protect your security,”

    (Yes, it really does end with a comma. Perhaps the text continues; but if so, I can’t scroll down to see it.)

    #71816 Reply
    mods-cm-org
    Guest

    Thank you for reporting this problem.

    I have been unable to replicate the error message, using Firefox 88.0.1 – even with all permissions blocked by NoScript and uBlock Origin. Similarly, no such message appears when using the TOR browser (which is Firefox-based) with the default paranoia settings.

    If the error appears in the bottom corner and remains in the same place when you scroll the page, the culprit could be the “btt-arrow” overlay (a button marked with a caret character which facilitates fast scrolling to the top of the page). This button relies on javascript and possibly jquery.

    It sounds like there is a local problem with the SSL certificates stored on your own device. One potential fix is to clear your browsing history:

    • Open Firefox and click the three lines button at the top-right corner in Firefox browser.
    • Next click Options -> Privacy & Security. Scroll down in the right window to find History, and click ‘Clear browsing data‘.
    • Select a time range like ‘All time’ (or a more recent period if you want to retain some elements in the History list), and tick ‘all options’ under Browsing history. Click the Clear Now button to clear all browsing history on Firefox.

    Then revisit the blog again to check if the error message is gone. Let us know what happens.

    #71819 Reply
    Twirlip
    Guest

    Thanks for the reply. I’m afraid I’m very reluctant to clear my browsing history, because I make continual use of it, several times every day. As the next best thing, I had a look at the site using Opera. I don’t use Opera much – I have little idea how its interface works, and I don’t even know what version I’ve got – so it has very little browsing history, and I’ve certainly never used it to view Craig’s site before. The display is very similar using both browsers. At the bottom of the page, with the window size that I’m using, there are three columns. The first is headed “Books by Craig Murray”. The second is headed “Recent Posts”. I forget what would usually appear in the third column, but now, in both browers, there is an odd-looking, very sparsely-rendered rectangle, with an aspect ratio of about 2:1, and a white background. In Firefox, the foreground is occupied by the text I quoted above. In Opera, the foreground is occupied by the top half of a large red Opera icon, with its bottom half cut off. It’s mostly just a white rectangle.

    #71825 Reply
    Clark
    Guest

    “I’m very reluctant to clear my browsing history…”

    To bypass your browsing history you could try a private window.

    “I forget what would usually appear in the third column…”

    I don’t have a third column there; the right-hand third is simply the same grey background as behind the “Books” and “Recent Posts” elements.

    Could the problem be the “Powered by [Wordpress]” icon? On my system this would appear below the specified area (uBlock Origin suppresses it), but it does at least contain the URL of the external site wordpress.org.

    #71827 Reply
    Twirlip
    Guest

    Good suggestion – thanks! In a private Firefox window, I don’t see the rectangle. (I didn’t see it before accepting cookies, and I still don’t see it after having accepted them.) Just as you describe it, the right-hand third is now simply the same grey background as behind the “Books” and “Recent Posts” elements.

    #71836 Reply
    Clark
    Guest

    OK, well if you want to narrow down the cause you could try returning to a non-private window and visiting wordpress.org, to confirm whether you get the security warning there. And/or you could right-click on the security warning and use Firefox’s “Inspect” feature, and look at the nearby code for URLs of external sites – your history might hold an invalid security certificate or something for one of them.

    Further to the mod’s suggestion above, Firefox’s “Clear history” dialogue permits you to select what to clear; you can retain your browsing and download history, active logins, form & search history and site preferences, and just clear cookies, cache and offline website data. Clearing cookies might change the behaviour of some websites, eg. it’ll empty any shopping baskets. Clearing the cache is the most likely to clear the warning.

    Also check that your system’s date and time are roughly correct.

    #71837 Reply
    Twirlip
    Guest

    When I tried to reply in detail to that last message, my post was blocked. I’ll try again, deleting whatever looks likely to have triggered the site’s defences. Meanwhile, here is the message I received:

    “A potentially unsafe operation has been detected in your request to this site

    Your access to this service has been limited. (HTTP response code 403)

    If you think you have been blocked in error, contact the owner of this site for assistance.
    Block Technical Data
    Block Reason: A potentially unsafe operation has been detected in your request to this site
    Time: Wed, 2 Jun 2021 16:49:23 GMT
    About Wordfence
    Wordfence is a security plugin installed on over 3 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.

    You can also read the documentation to learn about Wordfence’s blocking tools, or visit wordfence.com to learn more about Wordfence.”

    #71838 Reply
    Twirlip
    Guest

    This is the beginning of what I tried to post:

    “Clock time is updated from an Internet time server every day or so, and is never more than a few seconds out. There are no security warnings when I visit wordpress.org (or the vestigial blog I have to maintain there in order to comment on other blogs). I’m vague about how the Inspector works, but it looks as if the rectangle is generated by this HTML code (I hope I’ve formatted it right): […]”

    #71839 Reply
    Twirlip
    Guest

    I don’t to try posting any HTML code again, but if you search the HTML code (for, say, this page) for the string ‘footer_three’, you’ll see an ‘iframe’ element containing a URL descended from http://www.facebook.com/plugins. That seems to be what generates the rectangle when the page is rendered.

    #71840 Reply
    Twirlip
    Guest

    I think the website may be punishing me for “jigsaw identification” of the offending HTML element. 🙂

    Even when I try to describe how to locate the element, my post simply doesn’t appear!

    Trying again (even more briefly): search the source code of this page for the string ‘footer_three’.

    #71842 Reply
    Twirlip
    Guest

    Whew, that worked!

    Trying a bit more:

    When you have found that string, look for the ‘iframe’ element that follows it. It contains a URL descended from http://www.facebook.com, and seems to be what is generating the odd rectangle when the page is rendered.

    #71844 Reply
    Twirlip
    Guest

    The post that didn’t appear before has now appeared (making the post immediately above it redundant). Meanwhile, another attempted post (also now redundant) has failed to appear. My brain hurts.

    #71847 Reply
    Clark
    Guest

    Wordfence can be twitchy. I have no technical experience with it. It has blocked my comments on two or three occasions; I never did work out why, though I seem to remember that they had something numeric or vaguely technical-looking in them.

    I think this is a different issue from the original security warning.

    #71850 Reply
    Twirlip
    Guest

    Yes, I’m sure it’s a separate problem.

    I have made a toy HTML file containing a copy of the footer_three code, and it reproduces the behaviour in both Firefox and Opera. So the problem I’m having is definitely caused by the Facebook link. (Not that it is much of a problem, if it is mainly caused by something wrong with the settings on my system.)

    #71851 Reply
    mods-cm-org
    Guest

    The behaviour varies between browsers. On my system:

    • Chrome shows the Facebook widget correctly (i.e. ‘Follow’, ‘Share’ and the number of people following: 4.4K);
    • Edge also shows the widget correctly;
    • So does TOR;
    • Firefox shows a blank column with no widget;
    • Opera (with the built-in VPN) shows a blank box with the top of the Opera “O” symbol;
    • Epic Privacy Browser (which is based on an old fork of Chromium with all the Google elements stripped out) shows a box with a frowning error symbol and the text “www.facebook.com refused to connect”;
    • Chrome in ‘Incognito’ mode shows the same frowning symbol and error message.

    It appears that Facebook itself rejects the connection if the browser doesn’t meet certain conditions.

    #71862 Reply
    Twirlip
    Guest

    Very thorough. Thanks!

    #71863 Reply
    Twirlip
    Guest

    I’ve just got another variant response. Using Edge (which I’ve used far less than even Opera), I see a rectangle of the same size as before, but this time with a light grey background, and in the foreground, there is a large, simple icon in black, showing a rectangle in portrait orientation with a corner folded over, thus obviously representing a document, and on top of it a symbol like a road traffic “No Entry” sign, i.e., a circle with a diagonal bar.

    #71864 Reply
    mods-cm-org
    Guest

    The problems seem associated with the privacy settings rather than the browsers per se. Epic Privacy Browser and Opera VPN are both cagey about sharing info with Facebook. There’s also a clear difference between the results from Chrome in ordinary mode and in Incognito mode. So it looks like Facebook rejects the widget if it’s unable to query the browser for the information it requires: i.e. something to identify who you are.

    In that case, the error box is a sign that you’ve evaded Facebook’s evil eye. Wear the badge with pride!

Viewing 18 posts - 1 through 18 (of 18 total)
Reply To: Security warning in bottom right-hand corner of page
Your information: