Marketplace Security

I recently had a huge problem with a client. It was neither mine or the customers fault.

Customer emails me the login details to her website from my profile page. I have not read the email for 3 days since I was away for the weekend.

Next thing I know, she is blaming me for placing spam content on her site. In my luck, she is a reasonable customer and know that doing something like that would only hurt my sales.

I am thinking this is caused by a “Man in the Middle” attack, listening the connections to and from Themeforest.

I think its about time we see that secure icon when we login.

Https is required even to connect to the nursery where my child is going.
We have been claimming for this for long, is just awesome that Envato is not under SSL .

Anyway, i’ve to add that is most probably that your customer has any kind of troyan in her computer that a “man in the middle” of Envato authors form process.

Yer my vote is on a trojan on clients computer. A man in the middle attack as data is posted to envato, or as the email leaves envato to your inbox, is possibly but very unlikely. Also shared hosting accounts get compromised all the time, so it could be that too.

I would love to know if HTTPS is planned for the marketplace – at least for sensitive parts like the login process. It would help to prevent wire sniffing if it was implemented on the contact forms too – but the email that comes out the other end is still unencrypted and will pass through many more compromisable hosts than the original contact post data.

+1 For HTTPS at least on login page. Also, maybe I’m wrong, but a private message box here on Envato wouldn’t be better secured than sending emails on different email providers.

Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

They do currently score very well for speed

Make sure to always update your security such as Antivirus to preventing Malware or Suspicious File on your computer.

quickandeasy said
Out of curiosity, does HTTPS not take longer to load? & therefore would that not hurt the SEO of pages?

I doubt the time a SSL handshake takes to complete would impact SEO results. That’s partly the fault of the connection speed at each end, not just the web server. But yes there is a lot more grunt behind offering up HTTPS , and in general it may take a bit longer for the page to load (although these days you wouldn’t even notice). (eg: ssl vs normal)

https cost money

C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

ait said
C’mon, SSL cert costs about $15 a year for single domain, about $150 for wildcard cert. That’s nothing.

Yeah, SSL certs are NOT that much! I’m constantly worrying about people snooping my connection and stealing my cookie and abusing the forums. Using SSL would eliminate that worry!