Posts by SurStudio

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says

I think it’s time to reinforce security for the section linked to payments

+1

However, I think is way more important to have the marketplaces running over SSL.

As anybody with basic HTTP knowledge would know, while we are logged in, cookies are sent as plain text, as any other part of a HTTP request/response. Every time we open/load an Envato page, we’re exposed.

Some time ago, Envato staff said that they can’t have SSL because browsers will display warnings, as there’re external assets loaded not using a https schema. But AT LEAST they should give the option to authors to use the site over https.

Envato announced they upgraded OpenSSL… that’s useless, if someone wants to steal access, then there’s no need to exploit that OpenSSL vulnerability. Just sniff HTTP requests and get the cookies, simple as that.

Right now, no hacker is needed, a kid with a network sniffer will be enough to break into our accounts.

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says

This happened: http://videohive.net/forums/thread/envato-response-to-the-heartbleed-ssl-vulnerability/128281 Envato encourages you to change your password: http://notes.envato.com/general/envato-response-to-the-heartbleed-ssl-vulnerability/

That’s another joke from Envato. The marketplaces don’t run over SSL, only when we login the data is sent encrypted (SSL).

It’s like a gazillion times easier to sniff the network traffic to get the cookies, than to exploit some SSL vulnerability.

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says

+1

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says


I think Envato should partner up with one of these online services to watch out for our items. And then offer us the service for, lets say, 5 or 10 USD per month per item. There are a lot of items, a lot of money can be made out of this.

I also think that the zip files should be somehow signed. So we can know who is the buyer distributing the file, and can take his/her account down. How hard could it be to put some metadata in a zip file?

I agree with @Creattive, Envato does very little or nothing about fighting piracy. Some time ago I contacted Support, there’s this closed forum with thousands of Envato items. I paid the fee to get in (10 miserable USD), and I wanted to give the credentials to Support, they wouldn’t want them! The last message I got from you Ibrahim took 2 months. Ticket: 195730 (year 2012) Of course the closed forum is still there, up and running.

Hi SurStudio,

Thanks for your feedback and comments. I’m not sure how hard can be signing a .zip file, this is something we should probably ask to Devs and confirm if it would really help to decrease piracy of our files. Unfortunately in this industry there is no company with unbreakable high-level security, we still have to deal with these guys creating workarounds to distribute the files.

I know you guys think we do little for piracy, but the reality is that we do a huge effort to fight piracy, we can’t make public announcements about these activities because we would indirectly provide valuable information to pirates. Last year we trained up more people to send DMCA notices and investigate more details about these websites.

When you see a website is still online, please don’t think we haven’t taken action, we really try to take action for all the cases you send via support ticket but it’s not always easy for multiple reasons, one of them is that the website or hosting company doesn’t acknowledge our DMCAs.

However, we encourage you and all authors to send your own DMCAs, you also retain ownership of the items in your portfolio, you don’t need to wait for Envato to take action, you can send your own DMCAs without our permission and the effect will be the same.

Again, thanks for your feedback!

Sure, talk to devs/search on google, I don’t think it would be hard at all. On the other hand, I don’t really see Envato shutting down accounts… this is of course, my personal opinion.

Pirates will continue finding their way, but if a few accounts get closed and you advertise that, they will have doubts, and most of them probably won’t share the zip file. Is about seed of doubt, of fear. And you can always change the signature, or even better, have multiple signatures, to the zip files, to other files like images, and other methods too. Every downloaded zip could have multiple signatures, create one or two very easy to crack. Then have a stronger one behind. Trick them. Open a new thread so the community can come up with ideas if you don’t want to hire the pros.

Sending DMCA notifications take a lot of time/work/effort. The pirates have improved their ways, multi-uploads at once, closed forums, registrations, redirects services to remove referrers, file status checkers, torrents. And all we do is send emails, one by one. And create a thread saying “we fight piracy”? Really? If they are reading this they must be laughing pretty hard.

When you search on google for a popular item, and you find the zip, then it means that sending DMCA notifications don’t work. After all, if after a file is taken down, it comes again the next day, how many times are you willing to do that?

As said before, what about partner up with people who are already working on this?

They are thousands uploading and sharing illegally. Is time to come up with a new idea.

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says

I think Envato should partner up with one of these online services to watch out for our items. And then offer us the service for, lets say, 5 or 10 USD per month per item. There are a lot of items, a lot of money can be made out of this.

I also think that the zip files should be somehow signed. So we can know who is the buyer distributing the file, and can take his/her account down. How hard could it be to put some metadata in a zip file?

I agree with @Creattive, Envato does very little or nothing about fighting piracy. Some time ago I contacted Support, there’s this closed forum with thousands of Envato items. I paid the fee to get in (10 miserable USD), and I wanted to give the credentials to Support, they wouldn’t want them! The last message I got from you Ibrahim took 2 months. Ticket: 195730 (year 2012) Of course the closed forum is still there, up and running.

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says

Congrats!

I think Envato should take note of this and demonstrate some appreciation. We have Top Authors. It’d be nice to have Top Referrers too.

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says

I recently received a 1 star rating that made me laugh:

“Extra comments from the buyer: Epic FAil – purchased and couldn’t install because css style sheet missing”

It’s so silly I have to laugh, especially after contacting Envato twice to get it removed, and no dice :)

P.s For people unfamiliar with Themeforest themes, when you download a theme, you have to extract the contents of the file you download, the actual theme file is inside, and that is what you install, if you try to install the Themeforest file directly, you will get that CSS error. Themeforest even wrote a guide about it http://support.envato.com/index.php?/Knowledgebase/Article/View/269 :)

This is just a thought. Perhaps will be possible to place a css file, and create some script that will either warn the user; or even better, make the install of the theme, and remove non related files.

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says


+1 I happen to have the email of this person. If you’re interested, contact me.
Shouldn’t that be a confidential information and you should NOT distribute his/her email to ANYONE without his/her permission?

Take it easy buddy. Seems like they will both benefit if they communicate.

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says

I think the dev should implement the system to contact buyer back when they leave their feedback ASAP…. As I mentioned before. We will never know how to contact back to them…. I recently got this message.

and it’s really annoying when I don’t know how to get back to them :(

Many other customers don’t have this problem and I myself can’t detect it as well..

+1

I happen to have the email of this person. If you’re interested, contact me.

184 posts
  • Argentina
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Has been a member for 3-4 years
  • Referred between 10 and 49 users
  • Exclusive Author
  • Bought between 1 and 9 items
SurStudio says


Hey community! I just talked to the devs, and things with the API should be returning back to normal. Sorry once more for the inconveniences.

Will it require use of user agent or not? That is what is important, because it would require massive updates to change the existing API related code to do it. Can we get some detailed information on this subject and what to expect and will there be any change to the way API is accessed?

Milan

Well, if you’re on Francesco Schettino’s ship, you better be wearing a life vest :D

I think you should send the validation requests to your own server, and from there to Envato’s. This way you can actually do something, like adding a simple header or just granting access to everybody in a minute

by
by
by
by
by
by