400 Bad Request code

For some reason, many of the websites in my favourites have recently started to generate a 400 series error when I try and access them. Lathes.uk being an example. Also get asked for a username and password on some sites as the site is not secure. The internet says the standard fix for this is to clear the computer cookie cache, which I've done but it makes no difference.

My PC never used to do this, so has a Windows update caused it? It's very frustrating and I get the same result when I try and access the troublesome sites on my phone.

Any suggestions?

I had a windows update the light before last and my usually fast laptop is rubbish at the moment. Broadband speed is ok, I'm assuming it is something to do with the update...

Is your phone connected to your WiFi when you have the problem, or is it using mobile data?
If the former, I've had issues with sites being blocked by my ISP due to a change in account security settings.

Plusnet has increased security, and sometimes blocks individual sites depending on security certificate conditions, but not all the time.

I've found turning off WiFi on the phone, and then trying a site via mobile data, can be a useful diagnostic method; just make sure you don't use up all your data allowance by forgetting to re-enable WiFi.

Also, I use Opera as a browser, which seems to hide some of the reasoning as to why a site is blocked by my ISP on a desktop PC. I keep other browsers for double checking things like this; Pale Moon seems to work quite well as helping to show up the cause of problems.

Bill

So did I, which was immediately followed by a second update.
Until I realised, checked the update status, and forced the required re-start, my desktop slowed down too.

Bill

Just tried to access lathes.uk using the phone - using WiFi I get the 400 error; turn off WiFi and use 4g and no problem. So it's my talk talk isp?

Which 400 codes? There are more than 20. They mostly suggest a problem at the client end, and are often security related.

Your ISP, Browser, or possibly operating system tightening up security may explain part or all of it.

For over a decade, it's been recognised that websites that don't have a security certificate are risky, for several reasons. As none of them are instantly painful, they've been allowed to chug along. But they're a weakness in the defences, for example they make it much easier for the bad guys to put up a website that spoofs your bank and get away with it for longer than is safe. And sloppy computer security of any sort is a strong hint to hackers, that the site is part of a sloppy security community, likely to provide other loop-holes/

Run a mile from any site on the internet that collects personal data or collects money that doesn't have a certificate. You do check security certificates, right? Of course we don't, here's a popular website:

Note the padlock symbol crossed with a red-line in the address box, and that the address doesn't mention https:

The red line is a warning to security conscious users to beware. The site is safe enough provided the user is careful, doesn't give anything away, and has moderately good security himself.

However, internet providers have been taking an increasingly hard line with websites that don't have a security certificate. ISPs refusing to host new ones; browsers issuing loud warnings, and more recently refusing to connect at all. (Unless the user goes into Settings and deliberately disables the security check.) After many warnings the idea is to force security on anyone who hasn't voluntarily plugged the loophole, and to ensure innocent users know something is wrong.

That two devices are blocked suggests a common reason. Might be the Router. At home, most smart phones connect to the internet using WiFi rather than the mobile network. If the router checks for certificates, everything that connects via the router will fail. Possibly the ISP has tightened up the router in one of the periodic upgrades. Or, the router has been corrupted by a glitch. Some strange faults can be fixed by powering off the router for several minutes, or forcing a full reset. ('Have you tried switching it off and on again' is good advice!)

Could be wrong. More information the better when there a multiple causes, or something complicated going on : exactly which codes and error messages, which browser and version, which operating system and version, examples of websites that work and sites that don't.

Dave

Edited By SillyOldDuffer on 17/03/2023 13:14:43

Thanks for the replies - Dave's was particularly useful in improving my limited it knowledge!

I tried switching off the router for a few minutes and, on turning it back on could then access lathes.uk, albeit with a not secure warning in the header. Will monitor and report further incidents if they occur.

Edited By Glyn Davies on 17/03/2023 18:56:36

So you IT guys, for my benefit why do these sites not have a security certificate, they have been around a long time I know that much, is there a huge cost to it or some disadvantage that dissuades a business from doing it, don't know anything about Lathes business or is it not a business as such?

I always (try to) remember to look for the padlock symbol.

Bill D.

Edited By Frances IoM on 04/04/2023 11:41:46

Two main reasons:

• sites created in the past where the owner hasn't realised the need yet. (Everything works, so it's not obvious there's a problem. And to be fair, the security risk of a plain website like lathes.co.uk is low provided the user is wide-awake.)
• Faff and money. Although the change is usually easy, the business has to get a certificate, and then tweak the website to use it. A notch more difficult for DIY than many care for, so send for a man - analogous to paying a plumbers hefty call-out fee and hourly rate to change a 10p tap washer. That's if the change is straightforward. There's a risk that the software is so ancient that it has to be replaced, and maybe the hardware and operating system too. Costs multiply, and the whole future of the site has to be reconsidered. Sometimes websites are easy to migrate, or they can be complete pigs. So "Do nothing" is always an option, not least because it buys time to plan and budget.

Dave

Cripes... stuck in a huge deserted hotel with dial-up speed and reliability wifi.

I wonder if 'sometimes works if you stand by the door' fulfils what booking.com said...?

Neil