Posts by dgoodlad

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

Hi all – thanks for lettings us know that you’re still seeing issues. Overnight (for us here in Australia) our upstream providers were filtering a very, very small amount (e.g. less than 0.03%) of traffic hitting the site. It’s quite difficult to tune the filters perfectly, and takes time, but believe me when I say we’re working very hard to get this right!

If you’re still having trouble connecting – “connection reset by peer” or “connection timed out” messages, would you please open a support ticket with the title “False Positive Filtering”, and include the exact time(s) that you had trouble and your IP address? I’d really like to get this nailed down :)

Thanks!

David

I’m going to lock this thread down here so that everyone can see David’s instructions :) Thanks!
-Travis

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

Hi everyone

A small number of you may have been experiencing intermittent outages over the past hour. We’re currently under a DDOS attack, which means it’s quite difficult to tell which people are the good guys! We’re successfully filtering a significant amount of the attack, but there are a some ‘false positives’ that are making it tough for some of you to hit the site. I appreciate your patience as I work hard with our hosting provider to get this sorted out as soon as possible!

Update 6:49am AEST – The attack has subsided, everything should be returning to normal.

Cheers

David

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

I agree that implementing SSL is a mess with all that externally linked content. But how is SSL on sign-in makes things secure?

It makes things more secure than they were. It’s a compromise; it prevents sniffing plain-text passwords, it prevents cookie hijacking on that domain, etc. You’re right, though, there are well-known attack vectors against login-only-SSL, and this is a serious concern for us. For my part, I’ll be applying some internal pressure to address this issue, but there is a lot of work to be done to get there!

— Dave

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

We need SSL over the marketplaces!

As Kelly said, we took the opportunity to wrap up this new project with SSL first, but we’re definitely aware of the concerns around not having SSL on the rest of the marketplace pages. It’s a surprisingly complex task, though, with issues like externally-linked content (e.g. images, full-screen previews).

— Dave

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

As the title says, are you working fulltime on Envato marketplaces?

I do, but probably not in the way you’re talking about :P

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

Thanks, you mean wrong side up ;)

I’m Canadian, living in Australia – I don’t actually know which way’s up any more!

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

The maintenance was completed successfully well within our 1-hour window. Earnings reports are live; thanks again for your patience!

David

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

We’re going to be doing some more infrastructure upgrades this afternoon, this work should not result in any downtime for the marketplaces. However, it does require that we disable access to authors’ earnings statements. So, from 13:30 through 14:30 AEST on July 12 you won’t be able to obsessively reload your earnings page.

For those of you on the right-side-up side of the world, 13:30 AEST is 20:30 PST , 23:30 EST on July 11.

Thanks for your patience! David

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

Hi Crakken

We’re AEST , Australian Eastern Time, so midday – 1pm here :)

We’ve had a few unexpected periods of downtime lately, which we’re working hard to avoid; today’s scheduled maintenance is part of that work.

Cheers

David

13 posts
  • Australia
  • Has been a member for 2-3 years
dgoodlad says

Hi all

It seems that there’s some confusion about the download-purchase vs verify-purchase API methods.

download-purchase is for buyers to generate their download link for a purchase. This method requires the use of the buyer’s username and API key. verify-purchase is for sellers to retrieve details about a purchase. This method requires the use of the seller’s username and API key.

Hope that clears things up! :)

David

by
by
by
by
by
by