1320 posts
  • Elite Author
  • Has been a member for 5-6 years
  • Sold between 250 000 and 1 000 000 dollars
  • Author had a Free File of the Month
  • Referred between 200 and 499 users
  • Bought between 10 and 49 items
  • Europe
  • Exclusive Author
+1 more
fuelthemes says

I recently had a huge problem with a client. It was neither mine or the customers fault.

Customer emails me the login details to her website from my profile page. I have not read the email for 3 days since I was away for the weekend.

Next thing I know, she is blaming me for placing spam content on her site. In my luck, she is a reasonable customer and know that doing something like that would only hurt my sales.

I am thinking this is caused by a “Man in the Middle” attack, listening the connections to and from Themeforest.

I think its about time we see that secure icon when we login.

3747 posts
  • Won a Competition
  • Elite Author
  • Sold between 100 000 and 250 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Exclusive Author
  • Spain
  • Referred between 200 and 499 users
+5 more
pezflash says

Https is required even to connect to the nursery where my child is going.
We have been claimming for this for long, is just awesome that Envato is not under SSL .

Anyway, i’ve to add that is most probably that your customer has any kind of troyan in her computer that a “man in the middle” of Envato authors form process.

2964 posts
  • Football Contest Participant/Runner-up
  • Australia
  • Community Moderator
  • Elite Author
  • Author had a Free File of the Month
  • Most Wanted Bounty Winner
  • Author had a File in an Envato Bundle
  • Has been a member for 5-6 years
  • Contributed a Blog Post
+11 more
dtbaker Volunteer moderator says

Yer my vote is on a trojan on clients computer. A man in the middle attack as data is posted to envato, or as the email leaves envato to your inbox, is possibly but very unlikely. Also shared hosting accounts get compromised all the time, so it could be that too.

I would love to know if HTTPS is planned for the marketplace – at least for sensitive parts like the login process. It would help to prevent wire sniffing if it was implemented on the contact forms too – but the email that comes out the other end is still unencrypted and will pass through many more compromisable hosts than the original contact post data.

128 posts
  • Author had a Free File of the Month
  • Exclusive Author
  • Sold between 1 000 and 5 000 dollars
  • Romania
  • Has been a member for 6-7 years
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Contributed a Tutorial to a Tuts+ Site
  • Bought between 1 and 9 items
  • Referred between 1 and 9 users
ram64 says

+1 For HTTPS at least on login page. Also, maybe I’m wrong, but a private message box here on Envato wouldn’t be better secured than sending emails on different email providers.

3716 posts Community Moderator
  • Author had a File in an Envato Bundle
  • Grew a moustache for the Envato Movember competition
  • Community Moderator
  • Referred more than 2000 users
  • Has been a member for 5-6 years
  • United Kingdom
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Contributed a Blog Post
+4 more
quickandeasy Volunteer moderator says

Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

They do currently score very well for speed :)

1313 posts
  • Indonesia
  • Has been a member for 3-4 years
  • Exclusive Author
  • Grew a moustache for the Envato Movember competition
  • Bought between 1 and 9 items
  • Sold between 5 000 and 10 000 dollars
canimalition says

Make sure to always update your security such as Antivirus to preventing Malware or Suspicious File on your computer.

2964 posts
  • Football Contest Participant/Runner-up
  • Australia
  • Community Moderator
  • Elite Author
  • Author had a Free File of the Month
  • Most Wanted Bounty Winner
  • Author had a File in an Envato Bundle
  • Has been a member for 5-6 years
  • Contributed a Blog Post
+11 more
dtbaker Volunteer moderator says

Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

I doubt the time a SSL handshake takes to complete would impact SEO results. That’s partly the fault of the connection speed at each end, not just the web server. But yes there is a lot more grunt behind offering up HTTPS , and in general it may take a bit longer for the page to load (although these days you wouldn’t even notice). (eg: ssl vs normal)

7205 posts
  • Exclusive Author
  • Has been a member for 5-6 years
  • Sold between 10 000 and 50 000 dollars
  • Envato Studio (Microlancer) Beta Tester
  • Beta Tester
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Author had a Free File of the Month
  • Bought between 50 and 99 items
  • Referred between 10 and 49 users
+1 more
doru says

https cost money

154 posts
  • Envato Studio (Microlancer) Beta Tester
  • Power Elite Author
  • Power Elite Author: Sold between 1 000 000 - 1 999 999 dollars
  • Has been a member for 4-5 years
  • Bought between 10 and 49 items
  • Referred between 1000 and 1999 users
  • Exclusive Author
ait says

C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

4335 posts
  • Beta Tester
  • Bought between 10 and 49 items
  • Community Moderator
  • Contributed a Blog Post
  • Contributed a Tutorial to a Tuts+ Site
  • Exclusive Author
  • Grew a moustache for the Envato Movember competition
+6 more
Reaper-Media Volunteer moderator says

C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

Yeah, SSL certs are NOT that much! I’m constantly worrying about people snooping my connection and stealing my cookie and abusing the forums. Using SSL would eliminate that worry! :-)

by
by
by
by
by
by