Quote - I definitely cannot log onto this site without the "thawte" certificates, can I please get a definite on what it is?  

Thawte is an Internet consulting firm that issues SSL (Secure Server License) to websites that have online stores at a cost to the owner of the website. The certificate that they issue [at a pretty large and annoying cost] is responsible for the little "Gold Lock" icon that shows at the bottom of your browser window when you are in the store... this is done to assure Online Store Customers that the website and online store you are visiting and the information you provide is "Secure"...

Thawte doesn't really do anything other than charge a website owner to purchase this certificate. The certificate is only good for a year and the only way that Thawte verifies this information is by running a script against the server to test and make sure that there isn't any open ports, remote linking, phishing scripts and other little things that might make it possible for people to steal your information at the moment of purchase... and it pretty much only verifies this information at the time of purchase or renewal of the certificate... as for the other 364 days of the year... well...  shrugs

Fact of the matter is this... any good System's Administrator is going to make sure that the website is secure 24/7/365... the SSL Certificate is only a means to provide Customer trust while sucking a pretty sizable chunk of money out of a website owner's pocket to provide that trust.

Bottom line... think of it as a nice little certificate that a shop owner puts up on the wall of their business to show they have a license to do whatever service they do. For example a certificate license for a person who cuts hair at a  hair salon... as many of you may know by this example, even though the person may have a certficate/license stating that they are licensed to cut hair, doesn't mean that they are someone you'd trust to touch your hair! :)

As for the website and forum hijack that occured... the fact is this... Renderosity is a pretty large Community, which makes it a perfect target for [disrespectful] individuals to try and siphon traffic and bandwidth from, or try and take revenge on (say from an individual who's been banned)... it is a script kitty paradise here!!

As such, this website is probably attacked on a regular basis in one form or another. DOS attacks, phishing tatics, harmful scripts, server/forum hijack attempts, etc... etc... etc... making it a monster of a job to protect itself and its members. And sometimes little things can make it through the cracks or accidently be over-looked and, as such, make for a very interesting and tiring day for the System's Administrator to try and clean the mess up and make steps to prevent it from happening again...

Personally, one way to avoid this would be to work on the means in which the forums must be replied to... meaning the applet that the site's software uses to allow members to post or reply to forum threads... no offense to Renderosity, but this is a pretty nice chink in the armor... particularly when a member has to DISABLE ADWARE protection software to post on the website!

Seriously, asking a member to disable security features that protect them from Phishing, Browser Hijacking Scripts, E-Mail Sniffers, and harmful applets that can be attached to off-site advertising banners for them to visit and interact on your website is not a great means to provide security to your members while visiting your website and makes the site an even MORE tempting target to idiots looking to exploit, steal, harrass, hijack or be a general pain in the butt to your business and to your customers.

Just my two pennies!
~Jack D. Kammerer
who is re-enabling his system's security features and going back to lurk mode