In response to: http://codecanyon.net/forums/thread/censorship/68217
So, if any of you caught it, I made a thread called “Secure? Yeah…Right” which basically was a document containing a few things I had found that contributed to the recent attacks on Envato. I felt like I had to expose a multi-million-dollar company not to say “I did it”, but because I felt it’s important everybody is aware why and how your accounts got hacked – it’s important to know the details behind it.
I do understand that I could have handled this better, but I am not an Envato employee, I am just somebody who tries to contribute here and there.
Sorry for anybody involved if you found my post somewhat crosses the boundaries of what is and isn’t tolerated. I would appreciate it if this thread can be left open for a bit of discussion – I love reading what other forum members have to say. Locking threads down (such as the “Censorship” thread) irritates me a lot (which is why I have created this thread now).
I hope Envato starts to appreciate what the community does for you. I could have posted this outside Envato’s scope and potentially it could have been used to fuel more attacks – I (sort of) did the right thing here.
Most of what I reported has since (thankfully) been fixed. Yes I have copies of my message but I won’t be posting them here again (since the issues have now been patched up, I can’t see the harm in making it public now). I feel my duty here has been done. I will not be reporting any more security bugs that are found. Envato should learn from this and employ a security advisor whose job it is to hack the Envato websites to try and find bugs. This isn’t my job.
Thank you!
I think you did a good thing finding that issue, no need to apologise in my opinion; yes, maybe it would have been better contacting Envato staff and showing them the problem privately.
They should give you a sheriff badge! 
- Envato Staff
Don’t get me wrong, we very much value our community and all the hard work you do to make this place awesome. I’m sorry if it came across like we were trying to assert heavy-handed censorship. It’s just that posting potential exploits in a public forum only encourages bad behavior. Our Support team is here to make sure the right people are informed (and they have been). Thanks!
Some time ago I also discovered a method in taking money from other user accounts by simply making awesome files.
Mate, if you find a security problem for Envato don’t post it on the forum where a large number of people will look at it and potentially use it. I’m sure Envato is thankful for your warning but you should have just turned to their support center, something to contact them directly as doru said.
wickedpixel said
Some time ago I also discovered a method in taking money from other user accounts by simply making awesome files.
hahahahha
ROTFL !
plusquare said
Mate, if you find a security problem for Envato don’t post it on the forum where a large number of people will look at it and potentially use it. I’m sure Envato is thankful for your warning but you should have just turned to their support center, something to contact them directly as doru said.
In all fairness, that is nowhere near as fun. And posting publicly got the issue sorted far faster (they could not have afforded not to fix this right away).
Also “Google Will Pay $1 Million for Chrome Hacks”: http://www.pcmag.com/article2/0,2817,2400878,00.asp

Hacks are worth millions to some companies. I’m not sure why Envato doesn’t roll a similar program.
We’re just trying to figure out why a theme we purchased is no longer up on the site and we cannot get ahold of the author. We purchased the theme, used it for a presentation to the stockholders and now we are unable to download the theme that we rightfully purchased. Contacted support, but they have not been helpful.
Is this part of the security breach? Are items being taken down by hackers or something?
- Envato Staff
accudata said
We’re just trying to figure out why a theme we purchased is no longer up on the site and we cannot get ahold of the author. We purchased the theme, used it for a presentation to the stockholders and now we are unable to download the theme that we rightfully purchased. Contacted support, but they have not been helpful. Is this part of the security breach? Are items being taken down by hackers or something?
Themes can be removed for many reasons including a request from the author and if it no longer meets quality standards. The security problem was only on Tuts+ not the Marketplaces at all. Thanks!
It is actually not good to be talking about hackers in the forum because it can only bring the wrong impression to this community and Envato marketplaces as a whole.
Thanks Thecodingdude for your effort but it is best not to talk about hackers. It can only drive more bad people here to make an attempt.
Best regards.
Charles Brown
