A Problem With Our Website

Today our main company website http://www.prophoto.com/ was very temporarily hacked. If you’re not interested in all the gory details, here’s the TL;DR version — we eliminated the hack very quickly and verified that no ProPhoto product or customer websites were ever in danger. Also, because we keep no sensitive data about you, our customers, there was no risk of that sort of data having been compromised. If you’re a ProPhoto user, there is absolutely nothing you need to do. If you’re interested in a much more detailed disclosure, grab a coffee and read on.

More Details:

Today at around 2:30pm EST, our main website, http://www.prophoto.com/ was hacked for about 5 minutes, during which time any visitors to our site saw an innocuous web page supplied by the hacker. After we found out about the hack, we very quickly worked with some high-level admins at Bluehost (where our website is hosted) and were able to determine the source of the attack and block it.

As soon as the hack was removed, we immediately began working to find out if there were any security ramifications for our users. The first thing I want to make absolutely clear is that we do not and have never collected or retained any truly sensitive information about our users. The best security is ignorance, because an attacker cannot steal what we do not know. We do not process credit card transactions, so we never ever have access to your credit card numbers, any financial data whatsoever, or any password of yours. Because we’re not a web host and you have no account with us, our website has no information of any kind about any of your passwords, and we have no access to your website or email. Because we never know that information, we never store that information, and there is no possibility that any of that type of information could have been compromised.

That said, we do retain our customers’ email addresses for upgrade and registration information. That is the most sensitive information that we store in our databases. However, we have no reason to believe that those email addresses were ever accessed, and we have already taken several measures to secure that data even more than it was before. I am only sharing this so that you know that the worst possible scenario we could have envisioned in terms of user data would be a compromise of our customers’ email addresses. Again, there was never any possibility of credit card or password information being compromised because we intentionally never know that information. However, just to be perfectly clear, our post-mortem analysis so far has shown zero evidence that those email addresses were compromised.

The second thing we immediately checked was if there was ever any breach of the security of our ProPhoto or Proofing plugin product files. As you know, we sell products which our customers download and then install into their WordPress websites on their own web hosting accounts. After we found out about our site being hacked, we immediately removed the ability for any customer to purchase, download, or auto-update their websites, so that we could inspect the integrity of those product files.

After careful inspection, we were able to confirm 100% that the files that users were downloading, installing, and auto-updating from were never touched or modified in any way by the hack that affected our website temporarily. We made that confirmation in three ways. First, we compared the last modification timestamp on those files with the last time we made any change (which we keep an internal record of, for exactly this type of scenario), and the timestamps perfectly matched. The last time those files were modified matched exactly the last time we internally updated the files. Second, we examined the files themselves and ran a diff tool that is capable of alerting us if even a single byte doesn’t match between the files on our server and our local copies. The diff tool found zero discrepancies in any of our product files. Third, we were able to analyze access logs to verify that those files were not accessed or modified in any way.
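The three checks above, as an added example in Python (this is not ProPhoto’s own tooling): a byte-level SHA-256 comparison of the served download tree against a trusted local copy, plus a modification-time check against an internal release record. The paths, record format and sample files built in demo() are constructed for illustration. One caveat worth keeping in mind: anyone who can write a file can also reset its mtime, so the timestamp check is supporting evidence only; the hash comparison against an out-of-band copy is what actually decides the question, and the demo shows a tampered file that the timestamp check misses.

```python
"""Release-artifact integrity check: hash comparison against a trusted local
copy, plus an mtime check against an internal release record.

Added example, not ProPhoto's tooling. Paths, the record format, and the
files built in demo() are constructed for illustration.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path


def hash_tree(root):
    """Map each relative file path under root to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_trees(trusted_root, served_root):
    """Discrepancies between the trusted copy and what is actually served:
    modified (digest differs), added (only on the server), missing (only local)."""
    trusted = hash_tree(trusted_root)
    served = hash_tree(served_root)
    return {
        "modified": sorted(p for p in trusted if p in served and trusted[p] != served[p]),
        "added": sorted(set(served) - set(trusted)),
        "missing": sorted(set(trusted) - set(served)),
    }


def check_mtimes(served_root, release_record, tolerance=2):
    """Return served files whose mtime is newer than the recorded release time.
    Caveat: an attacker with write access can reset mtimes (os.utime does it),
    so this is supporting evidence only; compare_trees() is decisive."""
    root = Path(served_root)
    newer = []
    for rel, released_at in release_record.items():
        if (root / rel).stat().st_mtime > released_at + tolerance:
            newer.append(rel)
    return sorted(newer)


def demo():
    """Constructed scenario: one file tampered with its mtime reset (only the
    hash check catches it) and one file dropped into the served tree."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted, served = Path(tmp, "local"), Path(tmp, "server")
        files = {
            "prophoto.php": b"<?php // theme entry point\n",
            "proofing/plugin.php": b"<?php // proofing plugin\n",
        }
        release_time = time.time() - 86400  # "released" a day ago
        for root in (trusted, served):
            for rel, data in files.items():
                p = root / rel
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_bytes(data)
                os.utime(p, (release_time, release_time))
        record = {rel: release_time for rel in files}
        # Tamper: flip one byte, then hide it by resetting the mtime.
        victim = served / "proofing/plugin.php"
        victim.write_bytes(files["proofing/plugin.php"].replace(b"plugin", b"plugiN"))
        os.utime(victim, (release_time, release_time))
        # Drop an extra file the release never contained.
        (served / "proofing/x.php").write_bytes(b"<?php // not ours\n")
        return compare_trees(trusted, served), check_mtimes(served, record)
```

Running demo() reports the tampered plugin file as modified and x.php as added, while the mtime check reports nothing, which is exactly why the byte-level comparison carries the weight.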

During this time, we were also working with several high-level security system administrators from Bluehost, who were verifying and confirming our internal investigations, and providing helpful support. They were able to find evidence that also confirmed our knowledge about what the hack affected, and what it did not.

We currently have a pretty good picture of how the hack was executed, but we are still working on understanding the exact implementation details. Right now 100% of the evidence points to a security vulnerability that was totally unrelated to the ProPhoto product that our customers run on their web servers. Again, the hack occurred on our website, not within ProPhoto itself. Our website is not directly related to any of our customers websites at all. We are not a hosting company, so we do not host any of our customers websites. Furthermore, our hosting account at Bluehost is on a completely dedicated server, so there is no possibility that the vulnerability exploited on our website could leak over to any other accounts hosted by Bluehost since we are not on a shared server.

Once we know more about the exact attack vector, we will disclose anything pertinent on this blog. Our website runs WordPress (although it does not run ProPhoto), so if we determine that the attack came through WordPress and that there is a new or unidentified vulnerability in WordPress, we will pass that information on to the WordPress team. Right now we have no evidence that ProPhoto itself was the vulnerability, but if it turns out that we were wrong about that, we will absolutely disclose that information on this blog as well.

Since we started selling and supporting ProPhoto, we’ve never experienced an exploited security vulnerability in the ProPhoto theme or Proofing plugin. That doesn’t mean that we can relax — writing secure software is incredibly hard and it is absolutely our duty to be constantly vigilant to ensure the security of our customers by the strictest caution in the code we write. But it is good to know that we’ve never encountered a security problem caused by the ProPhoto codebase itself. The closest we’ve ever come to that was about 5 years ago, when we found a hacked plugin that was modified to try to gain access to the ProPhoto3 theme. That attack was not through a vulnerability in ProPhoto; it was through a hacked plugin that was attempting to access P3. Also, at that time we were never able to determine if the hack was widespread or isolated to the single compromised web hosting account we were working with.

Thoughts on disclosure

In the seven years since I wrote the first version of ProPhoto and started this company I’ve seen many small and large companies deal with hacks and security exploits. I’ve often considered how I would handle a similar situation. At one point I even uncovered a small but serious security problem at a web hosting company. During the process of working directly with that company I remember being frustrated by the owner considering hiding the security issue from his users. I promised myself that if put in a similar situation I would absolutely err on the side of transparency and disclosure, even if it meant egg on our face. This blog post is my attempt to make good on that promise.

Thankfully, it looks like this scare has turned out to have been very minor. It could have been much, much worse. In the end, it may end up being a blessing in disguise. We got to have a dress rehearsal of a real security scare without any true damage to our customers’ websites or data. I promise you that we will learn and grow from this experience. Even though our customers were not affected in any way, it is not acceptable to us that our site was compromised in any way for any length of time. We have to do better, and we will absolutely strive to do so and to continue to earn the trust you put in us.

What Now?

Out of an abundance of caution, our team has decided to disable all purchasing of ProPhoto for the rest of this weekend. We will resume selling ProPhoto and the Proofing plugin on Monday morning, February 16. This is not at all because we have any reason to believe there is any ongoing problem with our site or product, as I explained at length above. Rather, it is to add one more layer of confidence before we resume normal activities. Waiting until Monday to resume selling as usual will cost us some revenue, but it will also give us one more stage of verification as we will be able to examine our raw access logs and files to see if there has been even a hint of suspicious activity since we first identified and resolved the hack.

Second, very shortly after we identified the hack, we chose to send a pre-emptive email out to anyone who had purchased any of our products within the last 24 hours notifying them that we had an unresolved situation. It turns out that those emails were unnecessary because we have determined that none of those users (or any others) were ever at risk. Even so, we feel good about the decision to alert those customers. We feel it was better to err on the side of communication and caution, even if it temporarily made us look bad to some new customers. We will be re-contacting those customers to let them know the result of our investigation.

We will also perform a very intensive post-mortem to learn from this incident, a process that has already begun. We will be working with the security team at Bluehost and possibly other experts to make sure we’ve done everything we know how to do to prevent any future incident, be it small or large.

If you have any questions, please feel free to leave a comment below and I will try to personally answer. Thank you so much for being our customers, and we will keep striving to earn and retain your trust.

Proofing Auto-update, build #190

Proofing Plugin users, today we’re pushing out another free auto-update to anyone on an auto-update capable site. This update contains numerous small-to-medium sized enhancements which were queued up behind the large Packages feature we released about 2 weeks ago.

Package pseudo-products

First, an enhancement to the packages feature. You can now create packages out of what we call “pseudo-products” — named faux-products that don’t have to be separately configured as actual proofing products.

you can now add “pseudo-products” as well as normally configured products to packages

The reason for pseudo-products is that often you will be creating a package and the sub-items for the package don’t ever need to be sold separately as a product. Take the example of wanting to sell a package called “Album” for $500 where your customers get to choose 25 images. Before pseudo-products, you would have had to create a separate, full proofing product called “Album selection”, and then you would have had to use product groups to make sure that no one could ever buy that product on its own for any gallery.

With pseudo-products, you can skip all that hassle, and just name the sub-package items anything you want and set their quantity, as shown below:

no need to create a new product just for your package, use a pseudo-product instead

Package with all images

Another enhancement to the packages feature allows you to set a special quantity for a package sub-product which means “one of every image in the gallery”. Suppose you wanted to create a package that consisted of a full-sized, unwatermarked digital download for every image in your gallery for $200. Before this auto-update, there was no way to do this, as you had to set a specific quantity for each product included in a package. Now, you can set a product quantity to -1, which is a special code meaning: set the quantity to the total number of images in a gallery, and select one of every image in the gallery for that product.

set product quantity to -1 to mean "one of every image in gallery"

package containing a product with quantity set to "-1"

Proofing gallery expiration

Proofing galleries now allow you to set an expiration date. When the date is reached, the gallery will be placed in the trash, and will no longer be accessible to your customers.

you can now set an automatic gallery expiration date

Product example image

Also new in this update, you can now upload optional images for products and packages. These images can help your users get a visual sense of what the physical product is that they are ordering.

you can now upload example product images for products and packages

example product image shown in context on "add-to-cart" screen

Checkout confirmation step

Due to some helpful feedback we’ve gotten from users, we’ve added an additional step in the checkout process whenever shipping and tax fees are assessed. After the user fills out their shipping address information, if any shipping or taxes will be added to the order based on that entered information, the user is then shown a confirmation screen before their order is submitted, or they are passed off to PayPal.

checkout confirmation screen shown after taxes and shipping charges calculated

Image comments on submitted orders

Until this auto-update, user comments on gallery images were only visible for submitted collections, not orders. That is corrected in this update, and you can now see any user image comments on submitted orders, in the admin orders screen, and in the HTML and spreadsheet reports.

user image comments are now clearly displayed for submitted orders as well as collections

Proofing gallery categories

Proofing galleries can now have categories, allowing you to categorize your galleries and link to category-specific archive pages.

proofing galleries can now be placed in categories, like blog posts

New gallery image reordering options

In this update, we’ve also added two new methods of re-ordering your images from the gallery create/edit admin screen: by upload order, and by file created time.

two new ways of re-ordering images: by upload order, and by file creation time

Gotcha: reordering by file created time can sometimes produce unexpected results, depending on your editing workflow and which programs you use. Sometimes when files are saved or exported from programs like Lightroom and Photoshop, the original file created time (when the image was shot) is preserved, and other times it is re-set to the file export/save time.

Child gallery breadcrumb links

We’ve added a simple breadcrumb-style group of text links at the top of child galleries that allow quick access back to the parent gallery as well as easy navigation to all sibling galleries.

new text breadcrumb links for child galleries

Bypassing shipping form

Some photographers do all in-person product pickup or delivery and don’t want to ever show a shipping address form to their customers. Now, you can choose to force the disabling of the shipping form. Just be aware that if you force the disabling of the shipping form, any taxes or shipping fees that are calculated based on country, state/province, or zip/postal code will not be assessed.

optionally choose to completely bypass shipping form

Also, we modified the plugin to automatically skip the shipping form when the cart only includes digital download products that are not subject to tax or shipping fees.

And more

There are a bunch more smaller improvements and bug fixes in this update as well, including:

  • front-end speed improvements
  • ensure that taxes are assessed correctly on products that have their price reduced by discounts
  • prevent cart submission if cart has zero items
  • add safeguards against deleting images from proofing galleries that were uploaded to other posts/pages
  • make product category list obey custom product order, if set
  • added an admin link for users on non-auto-update-capable hosts to generate a secure download link to get the latest build of the plugin
  • allow uploading of custom background image for proofing gallery modal backgrounds, instead of just blurred image or solid color
  • don’t send orders to PayPal when discounts have reduced total price to zero (duh)
  • add translation/customization of required form submit invalid error messages
  • don’t show shipping method options if cart consists entirely of digital downloads (also, duh)
  • disable plugin with warning message when image downsizing is disabled
  • don’t permit the same digital download product to be added to the cart more than once for the same image
  • fix bug that could cause a proofing gallery to lose its association with its images when previewing
  • if user has entered a discount code but not submitted it, force submission before checkout proceeds
  • show “download all” button when appropriate, even if user is not logged in
  • always capture document scroll position when transitioning from non-modal to modal, and always restore it
  • prevent wp-super-cache plugin from caching PFP pages and causing problems
  • set timezone explicitly to correct submitted-time discrepancies on collections and orders
  • don’t submit order for PayPal payment until user clicks “continue” on the pre-PayPal handoff screen; if they cancel out of that screen, they would expect to keep their cart
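The “secure download link” item in the list above is the sort of thing that is easy to get subtly wrong, so here is an added example of one standard way to build such a link: an HMAC-signed URL that names the build and the requesting site and carries an expiry, verified server-side before the file is served. This is not the plugin’s own code, the post does not say how its links are generated, and the endpoint, secret, parameter names and site identifier are all assumptions made for the example.

```python
"""HMAC-signed, expiring download link (added example; not the plugin's code).

Assumptions: BASE_URL is a hypothetical endpoint, SECRET is a constructed demo
value (the real one would live only on the server and be rotated), and the
query parameter names are invented for illustration.
"""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

BASE_URL = "https://example.invalid/download"   # hypothetical endpoint
SECRET = b"constructed-demo-secret-rotate-me"   # constructed; never ship a real one in code


def _signature(secret, build, site, expires):
    """Sign every field the server will later trust, with a separator so
    fields cannot run into each other."""
    msg = f"{build}|{site}|{expires}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_download_link(secret, build, site, ttl_seconds, now=None):
    """Return a link valid for ttl_seconds for one build and one site."""
    now = int(time.time()) if now is None else int(now)
    expires = now + int(ttl_seconds)
    params = {
        "build": build,
        "site": site,
        "expires": expires,
        "sig": _signature(secret, build, site, expires),
    }
    return f"{BASE_URL}?{urlencode(params)}"


def verify_download_link(secret, url, now=None):
    """Validate a presented link. Returns (ok, reason).

    The signature is checked first and in constant time; because `expires`
    is inside the signed message, a client cannot extend its own link."""
    now = int(time.time()) if now is None else int(now)
    q = parse_qs(urlsplit(url).query)
    try:
        build = q["build"][0]
        site = q["site"][0]
        expires = int(q["expires"][0])
        sig = q["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False, "malformed"
    if not hmac.compare_digest(sig, _signature(secret, build, site, expires)):
        return False, "bad signature"
    if now > expires:
        return False, "expired"
    return True, "ok"
```

Anything the server will act on (here the build number and the site it was issued to) goes into the signed message, and the expiry is checked only after the signature passes, so tampering with any field invalidates the link rather than merely changing what it does.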

Problems?

Even though we’ve tested these new features extensively, there’s a lot in this latest update, so it’s possible you might uncover a bug we didn’t catch. If you do, shoot us a support request right away with a detailed description of the problem and your WordPress and FTP login and we’ll get to the bottom of it ASAP.

Proofing auto-update: Packages

Proofing Plugin users, today we’re pushing out another free auto-update to anyone on an auto-update capable site. The primary purpose of this auto-update is to release a new feature called “packages.”

Introducing Packages

With this latest build of the Proofing plugin, you can now create a special type of product called a “package.” A package is a product composed of other products. To create a package, you just give it a name, a price, and set it up to be composed of varying quantities of any of your pre-configured stand-alone products.

create/edit package customization area

Then, while a user is browsing one of your proofing galleries, they can put a package into their cart.

packages appear in their own product category

Once they’ve selected to add a package to their shopping cart, they will be presented with a new screen, showing the available products within the package.

empty package shown, user adds images to products by clicking empty product "wells"

At that point they can click or arrow-key through the images in the gallery, clicking the plus signs on the empty product wells to add images into the various spots of the package.
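The package model described here (and the pseudo-products and the -1 “one of every image” quantity from the build #190 post above) is small enough to show in full, together with the check a server should run when a filled package comes back from the browser: the wells the user clicked are client-side state, so the submission has to be re-validated against the package definition and the gallery before it becomes an order. This is an added Python example, not the Proofing plugin’s own code; the data classes, the validation rules, and the GALLERY/ALBUM/EVERYTHING fixtures are assumptions built for illustration.

```python
"""Package definition and server-side validation of a submitted package.

Added example, not the Proofing plugin's code. The data model, the rules in
validate_submission(), and the fixtures below are assumptions; only the -1
quantity and the notion of pseudo-products come from the posts.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ALL_IMAGES = -1  # special quantity: one of every image in the gallery


@dataclass(frozen=True)
class SubProduct:
    name: str
    quantity: int                     # positive count, or ALL_IMAGES
    product_id: Optional[str] = None  # None => pseudo-product, not sold on its own


@dataclass(frozen=True)
class Package:
    name: str
    price_cents: int
    items: Tuple[SubProduct, ...]


def resolve_quantity(sub: SubProduct, gallery_image_ids: List[str]) -> int:
    """Turn a configured quantity into the number of wells to fill."""
    if sub.quantity == ALL_IMAGES:
        return len(gallery_image_ids)
    if sub.quantity <= 0:
        raise ValueError(f"{sub.name}: quantity must be positive or ALL_IMAGES")
    return sub.quantity


def expected_wells(package: Package, gallery_image_ids: List[str]) -> Dict[str, int]:
    """Wells per sub-product for a given gallery (what the UI should render)."""
    return {sub.name: resolve_quantity(sub, gallery_image_ids) for sub in package.items}


def validate_submission(package: Package, gallery_image_ids: List[str],
                        submission: Dict[str, List[str]]) -> List[str]:
    """Re-check a submitted package on the server without trusting the browser.
    `submission` maps sub-product name -> chosen image ids. Returns a list of
    problems; empty means complete and restricted to this gallery's images."""
    gallery = set(gallery_image_ids)
    problems = []
    for sub in package.items:
        chosen = list(submission.get(sub.name, []))
        want = resolve_quantity(sub, gallery_image_ids)
        if len(chosen) != want:
            problems.append(f"{sub.name}: {len(chosen)} of {want} wells filled")
        foreign = sorted(set(chosen) - gallery)
        if foreign:
            problems.append(f"{sub.name}: images not in this gallery: {', '.join(foreign)}")
        if sub.quantity == ALL_IMAGES and set(chosen) != gallery:
            problems.append(f"{sub.name}: must contain exactly one of every gallery image")
    unknown = sorted(set(submission) - {sub.name for sub in package.items})
    if unknown:
        problems.append(f"unexpected sub-products: {', '.join(unknown)}")
    return problems


# Constructed fixtures: a 30-image gallery and the two packages from the posts.
GALLERY = [f"IMG_{n:04d}" for n in range(1, 31)]
ALBUM = Package("Album", 50000, (SubProduct("Album selection", 25),))  # pseudo-product
EVERYTHING = Package("Every image, full size", 20000,
                     (SubProduct("Full-size download", ALL_IMAGES, "dl-full"),))
```

A partially filled Album comes back as “10 of 25 wells filled”, an image id from some other gallery is flagged by name, and the -1 package is rejected unless every gallery image is present exactly once.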

here you can see a package which has been partially completed, some images have been selected, some have not

If they don’t want to navigate through the images individually, they can also click to view all of the images at once and add to the package that way.

users can also click to see all images while adding to a package

users can browse thumbnails of all gallery images while adding to a package

If they have any images in any collections, they can also just view the images in those collections, making adding to a package from a collection like “Favorites” dead simple.

users can also view by collections (like Favorites) while adding to package

While viewing their cart, they can see the package name, the number of items they have selected, and a representation of some of the images in the package.

view of package in shopping cart

A helpful tooltip appears whenever they hover over a package in their cart, letting them know they can click to edit the package.

users can click to edit a package from the cart view at any time

Package admin tools

When a cart containing a package is submitted, the admin order views make this clear.

packages are shown with expandable sub-items in admin orders screen

here you can see the sub-items within the package

packages are clearly represented in the HTML report form

packages are also clearly visible in admin spreadsheet report form

More good stuff

Lightroom filename lists

A number of users have also expressed the desire to be able to easily get a comma-separated list of filenames from submitted orders and collections, to use for fast image selection in Adobe Lightroom. In this new build of the Proofing plugin, this is built into the admin orders screen:

copy filename list button in admin orders screen

all filenames from order or collection in comma-separated list for use in Lightroom

Manually delete trashed orders

ProPhoto Proofing automatically deletes trashed orders and collections after 30 days in the trash. But many of you have expressed the desire to manually delete these trashed orders. With this latest build, you can now see a new “delete” button when viewing trashed orders.

you can now manually delete trashed orders and collections

More to come soon

Now that the packages feature has been released, we’re going to quickly add some of the more oft-requested smaller features that have been queuing up behind packages. Some of the features you can expect within the next 1-3 weeks are:

  • required minimum order amount
  • download all button for front-side users able to download all images
  • iPad/tablet usability improvements
  • display image comments in admin orders screen for submitted orders
  • add link back to parent gallery from child galleries
  • improvements on checkout flow related to showing shipping & taxes amounts
  • new package type – one of the same product for every image in gallery
  • package pseudo-products

Proofing auto-update: Image management

Proofing plugin users, this morning we’re rolling out another free update to the ProPhoto Proofing plugin. This update contains two improvements to the proofing gallery create/edit screen, plus some smaller bug-fixes and miscellaneous enhancements.

Image management meta box

New in this auto-update is an Image management meta box in your proofing gallery create/edit screens. It looks like this:

Proofing gallery image management meta box

The purpose of this new area is to give you some additional insight and tools to manage the images in your proofing galleries.

Creating all image sizes

In order to display your proofing gallery images at the correct sizes and with the correct watermarking, and to make them download as quickly as possible, ProPhoto programmatically creates multiple downsized copies of your images. These downsized images are created by your server as needed, based on who is viewing your galleries and with what size screens. This means that the first few times a gallery is viewed, ProPhoto might have to do some additional downsizing work in the background, which can slightly slow down the loading and display of your proofing gallery.

In order to combat that slightly slower loading the first few times a gallery is viewed, you can now click a button to pre-downsize all of the needed smaller watermarked copies. When you click the “Create all images sizes” button, ProPhoto will one-by-one start pre-downsizing all of the possible sizes, as shown here:

ProPhoto showing you the progress of the pre-downsizing of all of your images

Once all of the images are created, your proofing gallery users will not have to ever wait for the server to create a downsized copy of an image. They will have all the possible sizes available and ready for direct loading in their browser. This can provide a noticeable improvement in the performance of your proofing gallery, especially for the first few users to interact with it.

The only downside to creating all of the images beforehand is that ProPhoto might end up creating some image sizes that never get utilized by a gallery user. This means that extra web-hosting disk space can be taken up that is not necessary. So, if you’re limited on disk space with your hosting company, you might want to use this button with care.

Deleting all images

click here to delete every image size from your server, freeing up the space again

In this new area you can also force the deletion of all of the original and downsized images for your proofing galleries. Large galleries with many downsized copies can take up a lot of space on your server, so this button can come in handy if you want to know that all of that disk space is free again when you’re completely done with a gallery. Only use this button when you’re ready to trash a gallery, or start over with all new images, as there is no undo.

ProPhoto now also automatically deletes all images from any proofing gallery post that has been in the WordPress “trash” for 30 days and is being deleted permanently by WordPress.

Inline help

Also new in this update is the addition of contextual, inline help documentation in the gallery admin create/edit screen. You’ll now see familiar lifesaver and information icons for each customization area:

notice the help icons in the upper right corner, same as in ProPhoto customization screens

These icons are identical in form and function to those you are familiar with seeing in ProPhoto customization screens. The blue information icon loads a brief text-based explanation of the current customization area:

contextual help in the form of explanatory text

Clicking on the lifesaver icon, in contrast, loads a modal view of a full tutorial from our website, focused on that customization area:

direct modal viewing of ProPhoto support tutorials

Also in this update

  • fixed a bug that was causing discounts not to be properly passed to PayPal
  • fixed a bug that could cause user data corruption when user leaves image comment with apostrophe
  • add more links to tutorials throughout admin area
  • add a view cart button in the user toolbar for direct access to cart