Tuts+ Premium Back Live and Patched

by posted in General
Jun 29
2012

After this week’s security breach and account compromise on Tuts+ Premium, we have now completed patching the service to no longer store passwords in cleartext. We’ve brought the system back online and are monitoring it closely.

If you notice anything odd about the Tuts+ Premium site or service, or have any problems with your account, please contact Support to let us know. We’re watching closely to make sure everything is working as it should, that the security of the site is intact and that members are inconvenienced as little as possible from here on in.

Catching up on 3 days of records

With the system down for three days, we’re slowly catching up on PayPal and Moneybookers payment notifications. This may take a little while for them all to be resent and captured by the system. If your monthly payment was paid in the last few days and you experience any problems logging in, please contact Support.

Refunds and Member Access

With the site now back up and running, we’re pulling together the records for payment of refunds and then next after that is sorting out free member access.

Trouble Receiving Password Resets

If you are having trouble receiving the password reset email: first check your spam folder for emails from support@tutsplus.com. If you still have not received your password reset email, please contact Support.

by
Hi, I'm Collis and I work at Envato!
  1. Lucas del Rio on the 29th June

    Great you are back!

  2. Tobias Aberg on the 29th June

    Glad you’re back! Good luck with the remaining parts of this mess :)

  3. Eq on the 29th June

    Great! tuts+ is back online! but i still have problem with login though. I’m not received e-mail for directions on how to change my password. is anyone have this issue ?

    • Oystein on the 29th June

      I’m also having trouble with the reset-password mail. I have submitted both username and e-mail, but I still havent got any mail to reset my password.

    • Collis Ta'eed on the 29th June

      Hey Eq, we’ve just switched the Forgot password email down to a plaintext one in case the HTML was more likely to get caught in a spam filter.

      The devs are double checking but emails seem to be sending OK and we’ve managed quite a few reset passwords so far, so might also be worth checking spam folder/filter?

    • Eq on the 29th June

      Yes! reset-password email in my inbox. Now i can login again to tuts+!. Thanks Collis.

    • SpillnerDesign on the 3rd July

      Same here – I am not getting a reset password mail.

  4. Matthew Killington on the 29th June

    I have the login issue as well I sent support a ticket just waiting for a reply

    • Collis Ta'eed on the 29th June

      Hey Matt, as I mentioned above, we’ve switched to a plaintext email in case the other one was getting caught. Can you check your spam filters and maybe try having it sent again?

    • Matthew Killington on the 29th June

      I have looked in spam etc and tryed 10ish times still nothing

    • Matthew Killington on the 29th June

      Hey Collis Ta’eed, If i submit a ticket with the paypay ID to prove I paid for tuts plus (2days before it went down) in a support ticket and submit the ID here will you take a look at it please as I did a password reset a few hours ago and still nothing and tried just now.

  5. Blake on the 29th June

    Glad you’re back online!

  6. srikanth on the 29th June

    Site is very fast and working good like before. Any news about the extra 2 months premium?

  7. Micha on the 29th June

    Hopefully it’s just the crowded mail-queue slowing everything down as the email hasn’t arrived here yet (I already checked spam-filter/-folder)…

    • Tobias Aberg on the 29th June

      I changed my email after the password reset and the confirmation took some time to arrive but it did so you’re probably right.

  8. dtbaker on the 29th June

    Woo back online! Good job.

  9. Gabor on the 29th June

    Thanx for everything! I’m so happy you are back! The password reset was smooth, I received your confirmation letter in a second. So I’m going to take the plunge into the courses again. :-)

  10. Phil Morrow on the 29th June

    Great stuff, good job guys :)

    Just reset my password though and I have to admit I was surprised to see you’re still using Amember. After all this, you still want to use them?

    • Michael on the 29th June

      Collis real concern isn’t weather your information stored in cleartext or not nor what system he uses. His only concern is your money, the quicker he’s back online the quicker he can take your money.

      Like it or not that’s the facts. He knew about this issue long ago and did nothing to fix it. It wasn’t until sh*t hit the fan did it force him to act upon it.

      Though I’m sure a change moving away from amember “is in the pipeline”.

    • Collis Ta'eed on the 29th June

      Hey Phil,

      Unfortunately the project to replace aMember is still going, it’s going to take a while. In the few days since the incident our only real choice has been to roll out a steady stream of patches for aMember’s issues. I hadn’t expected it was actually as possible as it’s turned out to be I must say. But I’m glad at least we could fix it.

      After this, it’s back to replacing aMember completely – cannot wait!!

    • Eq on the 29th June

      with refund and 2 month free of access? hmm…i think there are another reasons why envato still using it which i’m sure we are all want to know why ?

    • Phil Morrow on the 29th June

      Thanks for the response Collis.

      Michael – Surely you mean; “The quicker he’s back online, the quicker he can give me my money back and then give me a free service for a couple of months”. ;p

      In my opinion, Collis’ failing here has been in his love of new projects. He can sometimes move too fast for the company, and almost all of his projects tend to be successful and grow fast – making it even harder for the company to grow properly with them. I think it comes from a love of doing exciting things and creating stuff, not some calculated business decision based on profits.

  11. Timon on the 29th June

    Awesomeness!

    I think you handled the communication with your customer well, alot of companies can learn from this. You’ve learned alot from this situation also I bet. :)

    Good luck.

  12. Emre on the 29th June

    Why the hell did you store passwords as cleartext before?

  13. photokirst on the 29th June

    Glad you’re back on line, but i am having the same problem: I ave submitted a password reset request with both my username and email address – no response in inbox or spam.

    Have logged a ticket with support..

    • photokirst on the 29th June

      Hi Collis

      I haven’t had any feedback in an hour.. I need my account to be back on line by the weekend – please advise?

      Thanks
      Kirsten

  14. Esteve on the 29th June

    Sorry but I think Collis was sincere, fast to fix an imporant issue and generous (refunds).

    Other services have been down or hacked and none os these explanations and considerations were made.

    Collis, I’m a customer satisfied with your dilligence and information provided, keep working on the best teaching website related resource on the web with very smart people like Jeffrey.

  15. Phil Koury on the 29th June

    I paid for a premium membership on 6/21. I didn’t have access before the service went down and I don’t have access now…

    Glad you got the passwords fixed but by the looks of things there are some other issues.

  16. dante1 on the 29th June

    It`s good to have you back on track, now what do I need to do now as my Ticket ID: 231872 I had the money withdrawn twice from my account to pay for june , I need the second payment to be for july , besides the two months free you promised for august and september, I hope to hear for you soon guys,
    Thanks a lot for you support

  17. Fotis on the 29th June

    I was able to reset my password and log in to the system, however, my account seems to have expired cause I use a debit card for the site and didn’t have enough money on the card for my membership to automatically renew.

    Should I renew my membership so that I can get that refund or is there another way.

    Also, my membership expired with only the first failed attempt to charge my card. Surely an email should have been sent informing me that there was a failed charge so that I can have some time to rectify the issue before my account is expired.

  18. Dre on the 29th June

    Is learncss.tutsplus.com gone forever? I had a friend that wanted to get started with webdesign and tutsplus and I thought that would be a great first step.

    • Krisicash on the 30th June

      Yeah its down for me too :( and i was on day 16, its great course i hope it isn’t lost forever.

  19. Gochoo Gomboo on the 29th June

    Glad you are back. But what about refunds and Free months?

    • Brandon Jones on the 29th June

      It’s mentioned in the post:

      “With the site now back up and running, we’re pulling together the records for payment of refunds and then next after that is sorting out free member access.”

      ;)

  20. Dave on the 29th June

    Everything works for me as it should, password was reset properly and I’m back in action.

    Collis and all, I realize this was a shitty situation, but you handled it more gracefully than I imagine other sites would have. Cudos for the information, updates and transparency.

    • Brenda Malone on the 30th June

      +

  21. Thomas on the 29th June

    Frankly I haven’t seen a paid ‘tut that’s been worth my money for a while. After this I’m dropping my membership.

    Who the F- stores passwords in plain text?!

    You’re supposed to be disseminating best practices and you don’t don’t follow them yourself?

    Maybe the correct response to this it to start featuring tutorials describing best practices in Internet security.

  22. Brian Horlings on the 29th June

    I am having issues with the reset your password email. I have tried submitting the form three times and have yet to receive the email.

    I have checked my spam folder also and it is not there.

    Any help would be appreciated. Thanks in advance.

    • Brian Horlings on the 2nd July

      On a whim I tried it from Firefox instead of Chrome and I received my email. Looks like it has something to do with what browser the client is running.

  23. Rostislav Stoyanov on the 29th June

    When I click on reset password link I see

    Forbidden

    You don’t have permission to access /amember/reset_password.php on this server.

  24. stephen on the 29th June

    This full thing hasn’t put me off tuts at all but the one thing that is a bit annoying is that the password reset isn’t working for everyone and its not a problem with spam filters or junk folders but that’s the only thing i seem to be seeing as a reply to the problem.

  25. thecodingdude on the 29th June

    To be honest, whilst you still use this system, the site is not secure. I think I’ve done enough to prove this system is not secure (I basically found gaping holes in their system).

    Envato, please cut your losses and scrap your system. It’s insecure (even at this very moment, it is /still/ insecure).

  26. rnovino on the 29th June

    Glad your Back :) your site is a really big help, more power to the team and keep up the good job

  27. Brenda Malone on the 30th June

    I am GOLDEN! Reset password without a hitch! We are so glad you guys are back. Now, here’s what you all need:

    BEER
    BED
    BREAKFAST
    BACK TO WORK IN ABOUT 24 HOURS producing the world’s premiere tutorial and marketplace sites!

  28. ddozen on the 30th June

    I still can’t access the courses and tutorials and I subscribed for the monthly membership. this is frustrating me !

  29. Rich on the 30th June

    Well I’ve submitted a ticket and am awaiting a reply, hopefully it won’t take forever for me to gain access back to my account.

    I’ve tried numerous times using my email address and also my username and nothing arrives and no it’s not in spam.

    Strange thing is on one of my old accounts (gmail) I had no problems getting the password reset, but when using my hosting providers email that’s where it fails.

  30. Rich on the 30th June

    I’ve now received a reply back to my ticket and I’m now back in :)

    Many thanks Collis.

  31. gdi2290 on the 30th June

    y u no ssl?

  32. NotDoneYet on the 30th June

    I completely agree wit hgdi2290. If someone got onto your servers with your database, they are smart enough to see that all of your traffic is still going across in plain text on port 80 via HTTP. You really should use SSL for any sensitive data transmissions on your sites. Cheers!

  33. Mario on the 30th June

    Welcome back.

    What happened with what you said that everyone will get 2 months premium account? It seems I didn’t get that.

    Thanks!

  34. concerned on the 1st July

    I think it would be prudent to offer the free months to the premium members before or whilst sorting out refunds … I think I speak for most people in saying access is more important than the cash we gave up for the same access. Love your tutorials.

  35. praveen on the 1st July

    Looking forward to having the 2 months free access.

    Praveen
    Israel

  36. Anton on the 1st July

    I’m also having trouble with the reset-password mail. I have submitted both username and e-mail, but I still havent got any mail to reset my password.

    I chacked my spam filters. It’s empty…

  37. Ben Gibson on the 1st July

    Really shocked of all companies to store passwords in plain text, as an amateur, and reader of tuts, even I am aware of encryption, every single project I have worked on since day one has always used encryption, its pre-school stuff.

    Most annoyingly since the passwords have been reset I have been unable to discover which one of my passwords has been compromised and so I have had to change passwords across every service I have ever used :@.

    Found there has been less and less articles on here anyway so not worth trusting anymore passwords with tuts, time to move on!

  38. Hector on the 1st July

    reset my password and what is this two month free access announcement on the last note

  39. Shiro on the 2nd July

    m also having trouble with the reset-password mail. I have submitted both username and e-mail, but I still havent got any mail to reset my password.
    I chacked my spam filters. It’s empty…

    +1 for me

    • Shiro on the 2nd July

      Thanks Brian Horlings,
      It works in Firefox and it is instance!

  40. Paolo on the 2nd July

    Glad you’re back guys…but please, the password in plain text! I used to do that, when I started programming 15 years ago, by the time I’d made my first website I’d already found a tutorial which taught me to encrypt them! I’m going to trust you, because your tutorials are amazing, and I now that our job is a tough one, please don’t let me down again!

  41. Franky on the 3rd July

    Hi,

    Glad you are back, but how long do we have to wait for our support ticket to get answered???

leave a comment