Hi all – thanks for lettings us know that you’re still seeing issues. Overnight (for us here in Australia) our upstream providers were filtering a very, very small amount (e.g. less than 0.03%) of traffic hitting the site. It’s quite difficult to tune the filters perfectly, and takes time, but believe me when I say we’re working very hard to get this right!
If you’re still having trouble connecting – “connection reset by peer” or “connection timed out” messages, would you please open a support ticket with the title “False Positive Filtering”, and include the exact time(s) that you had trouble and your IP address? I’d really like to get this nailed down
I’m going to lock this thread down here so that everyone can see David’s instructions Thanks!
A small number of you may have been experiencing intermittent outages over the past hour. We’re currently under a DDOS attack, which means it’s quite difficult to tell which people are the good guys! We’re successfully filtering a significant amount of the attack, but there are a some ‘false positives’ that are making it tough for some of you to hit the site. I appreciate your patience as I work hard with our hosting provider to get this sorted out as soon as possible!
Update 6:49am AEST – The attack has subsided, everything should be returning to normal.
I agree that implementing SSL is a mess with all that externally linked content. But how is SSL on sign-in makes things secure?
It makes things more secure than they were. It’s a compromise; it prevents sniffing plain-text passwords, it prevents cookie hijacking on that domain, etc. You’re right, though, there are well-known attack vectors against login-only-SSL, and this is a serious concern for us. For my part, I’ll be applying some internal pressure to address this issue, but there is a lot of work to be done to get there!
We need SSL over the marketplaces!
As Kelly said, we took the opportunity to wrap up this new project with SSL first, but we’re definitely aware of the concerns around not having SSL on the rest of the marketplace pages. It’s a surprisingly complex task, though, with issues like externally-linked content (e.g. images, full-screen previews).
The maintenance was completed successfully well within our 1-hour window. Earnings reports are live; thanks again for your patience!
We’re going to be doing some more infrastructure upgrades this afternoon, this work should not result in any downtime for the marketplaces. However, it does require that we disable access to authors’ earnings statements. So, from 13:30 through 14:30 AEST on July 12 you won’t be able to obsessively reload your earnings page.
For those of you on the right-side-up side of the world, 13:30 AEST is 20:30 PST , 23:30 EST on July 11.
Thanks for your patience! David
We’re AEST , Australian Eastern Time, so midday – 1pm here
We’ve had a few unexpected periods of downtime lately, which we’re working hard to avoid; today’s scheduled maintenance is part of that work.
It seems that there’s some confusion about the
verify-purchase API methods.
download-purchaseis for buyers to generate their download link for a purchase. This method requires the use of the buyer’s username and API key.
verify-purchaseis for sellers to retrieve details about a purchase. This method requires the use of the seller’s username and API key.
Hope that clears things up!