1358 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Made it to the Authors' Hall of Fame
  • Has been part of the Envato Community for over 5 years
  • Has sold $250,000+ on Envato Market
+6 more
fuelthemes says

I recently had a huge problem with a client. It was neither mine or the customers fault.

Customer emails me the login details to her website from my profile page. I have not read the email for 3 days since I was away for the weekend.

Next thing I know, she is blaming me for placing spam content on her site. In my luck, she is a reasonable customer and know that doing something like that would only hurt my sales.

I am thinking this is caused by a “Man in the Middle” attack, listening the connections to and from Themeforest.

I think its about time we see that secure icon when we login.

3750 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Located in Spain
  • Has sold $125,000+ on Envato Market
  • Helped several times protecting Envato Market against copyright violations
+9 more
pezflash says

Https is required even to connect to the nursery where my child is going.
We have been claimming for this for long, is just awesome that Envato is not under SSL .

Anyway, i’ve to add that is most probably that your customer has any kind of troyan in her computer that a “man in the middle” of Envato authors form process.

3131 posts
  • Located in Australia
  • Helps us moderate the forums
  • Has been part of the Envato Community for over 5 years
  • Helped several times protecting Envato Market against copyright violations
+16 more
dtbaker Moderator says

Yer my vote is on a trojan on clients computer. A man in the middle attack as data is posted to envato, or as the email leaves envato to your inbox, is possibly but very unlikely. Also shared hosting accounts get compromised all the time, so it could be that too.

I would love to know if HTTPS is planned for the marketplace – at least for sensitive parts like the login process. It would help to prevent wire sniffing if it was implemented on the contact forms too – but the email that comes out the other end is still unencrypted and will pass through many more compromisable hosts than the original contact post data.

138 posts
  • Sells items exclusively on Envato Market
  • Has sold $1,000+ on Envato Market
  • Has been part of the Envato Community for over 6 years
  • Contributed a tutorial on Tuts+
+5 more
ram64 says

+1 For HTTPS at least on login page. Also, maybe I’m wrong, but a private message box here on Envato wouldn’t be better secured than sending emails on different email providers.

3723 posts Community Moderator
  • Has referred more than 5000 members
  • Has sold $40,000+ on Envato Market
  • Had an item featured in an Envato Bundle
  • Has collected 100+ items on Envato Market
+9 more
quickandeasy Moderator says

Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

They do currently score very well for speed :)

1313 posts
  • Has sold $5,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Located in Indonesia
  • Has been part of the Envato Community for over 3 years
+2 more
canimalition says

Make sure to always update your security such as Antivirus to preventing Malware or Suspicious File on your computer.

3131 posts
  • Located in Australia
  • Helps us moderate the forums
  • Has been part of the Envato Community for over 5 years
  • Helped several times protecting Envato Market against copyright violations
+16 more
dtbaker Moderator says

Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

I doubt the time a SSL handshake takes to complete would impact SEO results. That’s partly the fault of the connection speed at each end, not just the web server. But yes there is a lot more grunt behind offering up HTTPS , and in general it may take a bit longer for the page to load (although these days you wouldn’t even notice). (eg: ssl vs normal)

7644 posts
  • Has been part of the Envato Community for over 5 years
  • Has sold $40,000+ on Envato Market
  • Sells items exclusively on Envato Market
  • Located in Europe
+5 more
doru says

https cost money

169 posts
  • Has referred 1000+ members
  • Has sold $2M+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
+5 more
ait says

C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

4335 posts
  • Has been part of the Envato Community for over 6 years
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has been a beta tester for an Envato feature
+10 more
Reaper-Media says

C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

Yeah, SSL certs are NOT that much! I’m constantly worrying about people snooping my connection and stealing my cookie and abusing the forums. Using SSL would eliminate that worry! :-)

by
by
by
by
by
by