1642 posts
  • Elite Author
  • Featured Author
  • 6 Years of Membership
  • Author Level 10
+8 more
fuelthemes
says

I recently had a huge problem with a client. It was neither mine or the customers fault.

Customer emails me the login details to her website from my profile page. I have not read the email for 3 days since I was away for the weekend.

Next thing I know, she is blaming me for placing spam content on her site. In my luck, she is a reasonable customer and know that doing something like that would only hurt my sales.

I am thinking this is caused by a “Man in the Middle” attack, listening the connections to and from Themeforest.

I think its about time we see that secure icon when we login.

3757 posts
  • Elite Author
  • Spain
  • Author Level 8
  • Featured Author
+11 more
pezflash
says

Https is required even to connect to the nursery where my child is going.
We have been claimming for this for long, is just awesome that Envato is not under SSL .

Anyway, i’ve to add that is most probably that your customer has any kind of troyan in her computer that a “man in the middle” of Envato authors form process.

5441 posts
  • Author Level 11
  • Moderator
  • Winner
  • 6 Years of Membership
+20 more
dtbaker
Moderator
says

Yer my vote is on a trojan on clients computer. A man in the middle attack as data is posted to envato, or as the email leaves envato to your inbox, is possibly but very unlikely. Also shared hosting accounts get compromised all the time, so it could be that too.

I would love to know if HTTPS is planned for the marketplace – at least for sensitive parts like the login process. It would help to prevent wire sniffing if it was implemented on the contact forms too – but the email that comes out the other end is still unencrypted and will pass through many more compromisable hosts than the original contact post data.

141 posts
  • Weekly Top Seller
  • Exclusive Author
  • Author Level 3
  • 7 Years of Membership
+7 more
ram64
says

+1 For HTTPS at least on login page. Also, maybe I’m wrong, but a private message box here on Envato wouldn’t be better secured than sending emails on different email providers.

3724 posts Community Moderator
  • Affiliate Level 8
  • Author Level 6
  • Bundle Boss
  • Collector Level 4
+9 more
quickandeasy
says

Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

They do currently score very well for speed :)

1315 posts
  • Author Level 4
  • Collector Level 1
  • Indonesia
  • 4 Years of Membership
+2 more
canimalition
says

Make sure to always update your security such as Antivirus to preventing Malware or Suspicious File on your computer.

5441 posts
  • Author Level 11
  • Moderator
  • Winner
  • 6 Years of Membership
+20 more
dtbaker
Moderator
says

Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

I doubt the time a SSL handshake takes to complete would impact SEO results. That’s partly the fault of the connection speed at each end, not just the web server. But yes there is a lot more grunt behind offering up HTTPS , and in general it may take a bit longer for the page to load (although these days you wouldn’t even notice). (eg: ssl vs normal)

8176 posts
  • Author Level 6
  • Trendsetter
  • Weekly Top Seller
  • Community Superstar
+8 more
doru
says

https cost money

251 posts
  • Top Monthly Author
  • Trendsetter
  • Weekly Top Seller
  • 5 Years of Membership
+8 more
ait
says

C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

4335 posts
  • 6 Years of Membership
  • Affiliate Level 1
  • Author Level 3
  • Beta Tester
+11 more
Reaper-Media
says

C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

Yeah, SSL certs are NOT that much! I’m constantly worrying about people snooping my connection and stealing my cookie and abusing the forums. Using SSL would eliminate that worry! :-)

by
by
by
by
by
by