CodeCanyon

Marketplace Security

turkhitbox says

I recently had a huge problem with a client. It was neither my fault nor the customer's.

A customer emailed me the login details to her website from my profile page. I did not read the email for 3 days since I was away for the weekend.

Next thing I know, she is blaming me for placing spam content on her site. Luckily for me, she is a reasonable customer and knows that doing something like that would only hurt my sales.

I am thinking this was caused by a “Man in the Middle” attack, listening to the connections to and from Themeforest.

I think it's about time we see that secure icon when we log in.

4 months ago via ThemeForest |
pezflash says

HTTPS is required even to connect to the nursery where my child is going.
We have been asking for this for a long time; it is just awesome that Envato is not under SSL.

Anyway, I have to add that it is more probable that your customer has some kind of trojan on her computer than a “man in the middle” of the Envato author form process.

4 months ago via ActiveDen |
dtbaker says

Yeah, my vote is on a trojan on the client's computer. A man in the middle attack as data is posted to Envato, or as the email leaves Envato to your inbox, is possible but very unlikely. Also, shared hosting accounts get compromised all the time, so it could be that too.

I would love to know if HTTPS is planned for the marketplace – at least for sensitive parts like the login process. It would help to prevent wire sniffing if it was implemented on the contact forms too – but the email that comes out the other end is still unencrypted and will pass through many more compromisable hosts than the original contact post data.

4 months ago via CodeCanyon |
dtbaker is a moderator
alexxcz says

+1 for HTTPS, at least on the login page. Also, maybe I’m wrong, but wouldn’t a private message box here on Envato be better secured than sending emails through different email providers?

4 months ago via ActiveDen |
quickandeasy says

Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

They do currently score very well for speed :)

4 months ago via GraphicRiver |
quickandeasy is a moderator
canimalition says

Make sure to always update your security software, such as antivirus, to prevent malware or suspicious files on your computer.

4 months ago via GraphicRiver |
dtbaker says

> Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

I doubt the time an SSL handshake takes to complete would impact SEO results. That’s partly the fault of the connection speed at each end, not just the web server. But yes, there is a lot more grunt behind offering up HTTPS, and in general it may take a bit longer for the page to load (although these days you wouldn’t even notice). (eg: ssl vs normal)

4 months ago via CodeCanyon |
dtbaker is a moderator
doru says

HTTPS costs money

4 months ago via VideoHive |
ait says

C’mon, an SSL cert costs about $15 a year for a single domain, about $150 for a wildcard cert. That’s nothing.

4 months ago via ThemeForest |
Reaper-Media says

> C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

Yeah, SSL certs are NOT that much! I’m constantly worrying about people snooping my connection and stealing my cookie and abusing the forums. Using SSL would eliminate that worry! :-)

4 months ago via CodeCanyon |
Reaper-Media is a moderator