Cloudbleed & SmugMug

GargaGarga Registered Users Posts: 67 Big grins
in SmugMug Support

I haven't heard anything about Cloudbleed affecting SmugMug at all, but I thought I'd ask since nobody else has.

Should we be changing our passwords??

Also, we really need 2FA. Will do a lot to secure our photos when these inevitable bugs come around.

cams.photos
Vote for: SmugMug Two factor authentication

Comments

  • FergusonFerguson Registered Users Posts: 1,345 Major grins

    And might we also get an update on your status for CDN migration?

    Last I heard (and brief testing) showed that you were still in progress in terms of migration, nickname domains (e.g. http[s]://myname.smugmug.com) are coming up as cloudfront, and custom domains are still the old vendor cloudflare. And I think there may be more to it than that, relating to images vs pages?

    Cloudbleed was a bug from cloudflare, so at least in theory it would have affected only those using custom domains? Or are other aspects (notably security aspects) still on Cloudflare as well?

    Though honestly I'm not sure if being on both means we are doubly vulnerable - any slowdown or bugs on either affect us, or better off in that any outage on one you can still get some data with the other name. :o

    But as migrations go, this one seems to be taking a long, long time.

    http://captivephotons.com
  • Lille UlvenLille Ulven Registered Users Posts: 567 Major grins

    As far as the cloud bleed goes here is a website where you can test your website against this error: cloudbleedcheck-com.herokuapp.com
    I have tested it with a couple of domains, some came back with problems but smugmug.com tested OK :smile:

    https://www.lilleulven.smugmug.com - The Photos of my travels
  • leftquarkleftquark Registered Users, Retired Mod Posts: 3,784 Many Grins

    @Ferguson said:
    And might we also get an update on your status for CDN migration?

    Last I heard (and brief testing) showed that you were still in progress in terms of migration, nickname domains (e.g. http[s]://myname.smugmug.com) are coming up as cloudfront, and custom domains are still the old vendor cloudflare. And I think there may be more to it than that, relating to images vs pages?

    Most everything is on CloudFront, except for the HTML for the page for custom domains which is still on CloudFlare. We're pushing CloudFront as hard as we can to get the support we need for custom domains but they haven't given us an estimate on when.

    dGrin Afficionado
    Former SmugMug Product Team
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • GargaGarga Registered Users Posts: 67 Big grins

    @Lille Ulven said:
    As far as the cloud bleed goes here is a website where you can test your website against this error: cloudbleedcheck-com.herokuapp.com
    I have tested it with a couple of domains, some came back with problems but smugmug.com tested OK :smile:

    Cool, well all seems to be fine by the looks. I guess they don't want to alarm anyone if there's no evidence data/mem leak. Though there are some big sites affected, surprisingly they aren't saying much either.

    cams.photos
    Vote for: SmugMug Two factor authentication
Sign In or Register to comment.