I could hack your site. Because I found a bug.

If yes, we will ask ifastnet to provide an article about how they maintain free servers’ security. So we could write our privacy policy.

@Geek_Tips_Hub, Please don’t cause chaos again.
By creating such a thread with this title, there’s a chance that InfinityFree users will close their accounts, etc.

A 2-factor authentication would be nice but most of us don’t need it…

Why don’t you post the same on tons of other hosting (Free & Premium) forums that don’t have 2 Factor Authentication?
*Don’t take it literally.

Note that this is a “FREE” and unlimited service. No Forced Ads on your site, no credit card information, and 100% working, and I believe InfinityFree is trying their best to be as secure as possible to the best of their ability.

@PlanetGamingGG said:
@Geek_Tips_Hub, Please don’t cause chaos again.
By creating such a thread with this title, there’s a chance that InfinityFree users will close their accounts, etc.

A 2-factor authentication would be nice but most of us don’t need it…

Why don’t you post the same on tons of other hosting (Free & Premium) forums that don’t have 2 Factor Authentication?
*Don’t take it literally.

Note that this is a “FREE” and unlimited service. No Forced Ads on your site, no credit card information, and 100% working, and I believe InfinityFree is trying their best to be as secure as possible to the best of their ability.

Delete this thread.

@Geek_Tips_Hub said:
Well, that’s good, but we should know how ifastnet servers are maintained (for security), so we can be assured about security on our own sites (like my own website). So admin and community, I am asking you: should we try to learn about this?

How servers are maintained is a very broad topic with many different answers.

What kind of information are you looking for? The kind of tools they use for monitoring or configuration? The size and composition of their ops team? Their deployment and update cycle? The physical security on their servers? Who on their team has access to which customer data?

Finally, keep in mind that a privacy policy is a legal document, not a technical one. I agree it would be interesting to learn a bit more about how the hosting system is built and maintained. But from a legal perspective, how does update speed on servers affect which data you collect from your users and how you use that data? After all, even if you have a huge team of educated, experienced, skilled operations staff who use the best, cutting-edge tools, how do you know there isn’t some huge security hole everyone overlooked?

You can try to learn more about how they maintain their infrastructure. But I don’t see why any of that is relevant for a privacy policy. After all, it’s a privacy policy, not a privacy technical design.

@Geek_Tips_Hub said:

@PlanetGamingGG said:
@Geek_Tips_Hub, Please don’t cause chaos again.
By creating such a thread with this title, there’s a chance that InfinityFree users will close their accounts, etc.

A 2-factor authentication would be nice but most of us don’t need it…

Why don’t you post the same on tons of other hosting (Free & Premium) forums that don’t have 2 Factor Authentication?
*Don’t take it literally.

Note that this is a “FREE” and unlimited service. No Forced Ads on your site, no credit card information, and 100% working, and I believe InfinityFree is trying their best to be as secure as possible to the best of their ability.

Delete this thread.

You may like to sweep issues under the rug, but we don’t.

@Admin Sir, have you heard about Man In The Middle? If you don’t like it, you can always close this thread. But I am not going to accept that “this system is so secure”.

Google Chrome verified. You should not enter any sensitive information. We not only enter, we save information (I am talking about phpMyAdmin).
I know you don’t like this information (Don’t believe me. I am lying. Everything is secure. Haha.)

if people are involved in the variable - there is no security :smile:
most of the biggest hacks are not the work of some great mind
that is more a digging on the trash or stealing laptops/cell phones…(in recent times phishing mails)

The most basic thing is to use 2FA on your email acc
because on that email depends everything… (from bank account to) let’s say that this is a new ID card

IF can protect login form with 2FA but intruder can go through FTP or in other ways
so 2FA does not make sense because IF can just cover their things but not other chain loops (ifast) and chain is as strong as the weakest Link

in many cases people are the weakest link :blush:
the best protection is education

2 Likes

@Geek_Tips_Hub said:
@Admin Sir, have you heard about Man In The Middle? If you don’t like it, you can always close this thread. But I am not going to accept that “this system is so secure”.

I’m not saying you are lying. I’m not saying the hosting system perfectly applies every applicable security recommendation, and I’m not trying to pretend that everything is as secure as it could be.

And I didn’t say “everything is secure”. I said “as long as your own network is not being snooped on by malicious hackers, and you are using unique, randomly generated passwords for your hosting accounts, there is absolutely nothing to fear.” Which is exactly what I mean: it’s not perfectly secure but also not a massive security breach.

The way you’re reporting it makes it sound like hackers have stolen all login details already and are in every account right now stealing data and defacing websites. Which, I repeat, is definitely not the case.

The fact that some URLs do not have HTTPS does not mean our system is bugged and compromised and all your data is at risk.

I am familiar with man in the middle attacks. Hence the “as long as your network is not being snooped on by malicious hackers” part I wrote about before. As long as your network is secure, there is no immediate danger. And if you know your network is not safe from hackers, I think you should report this to your network administrator or ISP instead. We can’t secure your home network for you.

Again, you’re blowing this issue completely out of proportion. You’re not wrong by saying that this is an issue, and at no point do I, will I or have I denied that this is a problem, but this issue is nowhere near as bad as you make it sound.

Ok.

@Geek_Tips_Hub said:
Google Chrome verified. You should not enter any sensitive information. We not only enter, we save information (I am talking about phpMyAdmin).
I know you don’t like this information (Don’t believe me. I am lying. Everything is secure. Haha.)

You know it’s up to you to get a valid SSL certificate for your own site. That is no bug. Also, if during an installation you use settings made for signed SSL certificates while you don’t have one, you will get a security warning in your browser. As for server maintenance, you might want to ask iFastNet, not InfinityFree.

@SaadEddine said:

@Geek_Tips_Hub said:
Google Chrome verified. You should not enter any sensitive information. We not only enter, we save information (I am talking about phpMyAdmin).
I know you don’t like this information (Don’t believe me. I am lying. Everything is secure. Haha.)

You know it’s up to you to get a valid SSL certificate for your own site. That is no bug. Also, if during an installation you use settings made for signed SSL certificates while you don’t have one, you will get a security warning in your browser. As for server maintenance, you might want to ask iFastNet, not InfinityFree.

So funny. “Did you read the full thread?”

I have read the full thread and your replies make no sense

@SaadEddine said:
I have read the full thread and your replies make no sense

Hi,
What he means is that InfinityFree’s phpMyAdmin doesn’t have a trusted SSL installed.
And the picture is what the browser shows when accessing InfinityFree’s phpMyAdmin with an SSL request.

For example, if you rewrite http to https when accessing phpMyAdmin, then the “Not Trusted SSL” error will occur.

@UnknownLolz said:

@SaadEddine said:
I have read the full thread and your replies make no sense

Hi,
What he means is that InfinityFree’s phpMyAdmin doesn’t have a trusted SSL installed.
And the picture is what the browser shows when accessing InfinityFree’s phpMyAdmin with an SSL request.

For example, if you rewrite http to https when accessing phpMyAdmin, then the “Not Trusted SSL” error will occur.

It doesn’t have SSL. Invalid SSL is more scary.
Little big question: @Admin, do you have access to our accounts? Like phpMyAdmin?

@Geek_Tips_Hub said:

@UnknownLolz said:

@SaadEddine said:
I have read the full thread and your replies make no sense

Hi,
What he means is that InfinityFree’s phpMyAdmin doesn’t have a trusted SSL installed.
And the picture is what the browser shows when accessing InfinityFree’s phpMyAdmin with an SSL request.

For example, if you rewrite http to https when accessing phpMyAdmin, then the “Not Trusted SSL” error will occur.

It doesn’t have SSL. Invalid SSL is more scary.
Little big question: @Admin, do you have access to our accounts? Like phpMyAdmin?

Just tell me yes or no. If yes, describe your privileges.

@Geek_Tips_Hub
Yes he can access your account.

Why?
It’s up to Admin.

I don’t think accessing means “took all control of our accounts”. He/she (“admin” doesn’t describe gender) may give (grant) or block (restrict) our account from several functions, like creating an account, access to vPanel, etc.

But the vital data itself (username, password, dob, any) which is stored inside the database is just beyond his/her privileges, because it is managed by the DBA, and I believe this DBA has its own department.

It’s just like you being Game Master of any online game (if you have experienced one). You may be able to block someone from accessing the server/game, but that doesn’t mean you can screw up your players’ data. That would be a privacy violation.

Add: even the DBA shouldn’t modify anything inside the database. They may have the privileges, but the ethics of being a database admin are what restrict them from doing such a thing.

@Geek_Tips_Hub said:

@UnknownLolz said:

@SaadEddine said:
I have read the full thread and your replies make no sense

Hi,
What he means is that InfinityFree’s phpMyAdmin doesn’t have a trusted SSL installed.
And the picture is what the browser shows when accessing InfinityFree’s phpMyAdmin with an SSL request.

For example, if you rewrite http to https when accessing phpMyAdmin, then the “Not Trusted SSL” error will occur.

It doesn’t have SSL. Invalid SSL is more scary.
Little big question: @Admin, do you have access to our accounts? Like phpMyAdmin?

How is having invalid SSL more scary than no SSL? With an invalid SSL certificate, at least the data is encrypted along the way, even if you can’t validate you are actually talking to us on the other side.

All servers and hosting accounts are SSL enabled by default with a self signed certificate. If you don’t enable SSL for a specific domain name on a server, and you try to access the domain with SSL, any webserver will fall back to the default SSL host for the server, or the first SSL host on the system. Not configuring SSL for a domain does not block SSL for a domain.

Yes, I do have access to all accounts.

Of course, I won’t snoop on accounts, we treat your data as confidential. And if you don’t want us to have access to your data, why did you upload it to our servers?

@SaadEddine said:

@Geek_Tips_Hub said:
Google Chrome verified. You should not enter any sensitive information. We not only enter, we save information (I am talking about phpMyAdmin).
I know you don’t like this information (Don’t believe me. I am lying. Everything is secure. Haha.)

You know it’s up to you to get a valid SSL certificate for your own site. That is no bug. Also, if during an installation you use settings made for signed SSL certificates while you don’t have one, you will get a security warning in your browser. As for server maintenance, you might want to ask iFastNet, not InfinityFree.

@Geek_Tips_Hub meant some features on cPanel are not fully secured with SSL.
But according to Admin, as long as your network is not being snooped, you’re good…