Best way to protect your PHP software ? - GoFuckYourself.com

qw12er · 12-01-2010, 09:08 AM

I'm about to deploy a php software onto a client server. What is my best way to make sure he doesn't alter/read/modify or make a copy of my software ?

Zend Guard seems the best approach but is it really ? What are my other options ?

thanks

brassmonkey · 12-01-2010, 09:19 AM

you cant its all crackable even ion cube

qw12er · 12-01-2010, 09:27 AM

Quote:

Originally Posted by brassmonkey

you cant its all crackable even ion cube

Everything's crackable ... but what's the best option ?
the legal dept will ensure strict usage policy and hold businesses accountable for leaks. But we still need some level of technical protection.

ottopottomouse · 12-01-2010, 09:31 AM

There's a deZender thing floating about that any idiot (no brains needed) could use on it.

brassmonkey · 12-01-2010, 09:35 AM

Quote:

Originally Posted by qw12er

Everything's crackable ... but what's the best option ?
the legal dept will ensure strict usage policy and hold businesses accountable for leaks. But we still need some level of technical protection.

php shield then

qw12er · 12-01-2010, 09:40 AM

Quote:

Originally Posted by ottopottomouse

There's a deZender thing floating about that any idiot (no brains needed) could use on it.

hummm that's not good. Not good at all...

qw12er · 12-01-2010, 09:43 AM

any other options !?

brassmonkey · 12-01-2010, 09:45 AM

Quote:

Originally Posted by qw12er

any other options !?

http://www.phpshield.com/ is one of the two i remember that isnt being cracked i cant think of the other one.

qw12er · 12-01-2010, 09:51 AM

Quote:

Originally Posted by brassmonkey

http://www.phpshield.com/ is one of the two i remember that isnt being cracked i cant think of the other one.

According to their website PHPShield is the same as sourceguardian which is cracked by deZender !

Quote:

phpSHIELD is a premier php Encoder product, originally developed in 2003. In 2006 phpSHIELD joined forces with Inovica Ltd, developer of the SourceGuardian PHP Encoder and we integrated our system with theirs. Our two PHP Encoding products are similar, but they target different markets.

Brujah · 12-01-2010, 09:54 AM

Why do you want to keep him from reading it or modifying it? Don't encode your software!

qw12er · 12-01-2010, 09:57 AM

because I need to put the files on their server ...

Broda · 12-01-2010, 11:34 AM

Chances are that he really has no interest in cracking it.
If he does, he'll find a way around it, no matter how you encode it.
So to make it ever more difficult for him, why don't you obfuscate the h*ll out of it? And apply plenty of evals where possible, as well. That would at least give you the satisfaction of knowing that it'll be a pain in the *ss for whomever's going to crack it.

A word of advice on that: remember to keep an unobfuscated copy for yourself ;) hehe

brassmonkey · 12-01-2010, 11:39 AM

Quote:

Originally Posted by qw12er

According to their website PHPShield is the same as sourceguardian which is cracked by deZender !

contact me at scriptdude333 -at- yahoo and ill give u the details

myneid · 12-01-2010, 11:39 AM

Quote:

Originally Posted by Brujah

Why do you want to keep him from reading it or modifying it? Don't encode your software!

i agree, the best way to protect your software is a shift of your thinking about it.

why not let them read and modify, probalby not going to harm you that much, if anything they will see how good of a coder you are hire you more.

i've always been against software encoding. if you are worried about them copying it, attatch a license in there and put it public on a website or something.

qw12er · 12-01-2010, 11:56 AM

Quote:

Originally Posted by myneid

i've always been against software encoding. if you are worried about them copying it, attatch a license in there and put it public on a website or something.

if they have the code ... won't they just have to disable liscence validation !?

u-Bob · 12-01-2010, 12:03 PM

<--- never buys encoded scripts.

myneid · 12-01-2010, 12:16 PM

Quote:

Originally Posted by qw12er

if they have the code ... won't they just have to disable liscence validation !?

its not about disabling anything, its about having it there.
or just encode the license part of it. use ioncube
personally i dont sell software, so maybe i have a skewed view, but hte only way you can protect your source is by selling it as a servivce and hosting it yourself.

when i come across small softwares that are encoded, my initial reaction is always that its encoded so that people cannot see how poorly it is coded and all the security holes.
of course thats not true in most cases, but a lot of people get that feeling.

i prefer to be open about everything.

czarina · 12-01-2010, 12:18 PM

use flash

Broda · 12-01-2010, 12:37 PM

Quote:

Originally Posted by czarina

use flash

What difference would that make?

BestXXXPorn · 12-01-2010, 12:56 PM

Quote:

Originally Posted by myneid

its not about disabling anything, its about having it there.
or just encode the license part of it. use ioncube
personally i dont sell software, so maybe i have a skewed view, but hte only way you can protect your source is by selling it as a servivce and hosting it yourself.

when i come across small softwares that are encoded, my initial reaction is always that its encoded so that people cannot see how poorly it is coded and all the security holes.
of course thats not true in most cases, but a lot of people get that feeling.

i prefer to be open about everything.

What he said

Except I would argue that software being fucking nasty, full of security holes, and full of bugs is probably true for about 95% of what's out there...

I would never buy a web "application" that was closed source... ever...

And what do you care if they modify it? That just means you no longer have to support it...

I can understand wanting to prevent it from being copied... but honestly... the only real way is to host it yourself and sell it as a service; or charge monthly for support or something. That model works for MySQL, various Linux distros, and everyone else open source; I think it should be able to work for your app.

u-Bob · 12-01-2010, 01:01 PM

Quote:

Originally Posted by myneid

when i come across small softwares that are encoded, my initial reaction is always that its encoded so that people cannot see how poorly it is coded and all the security holes.
of course thats not true in most cases, but a lot of people get that feeling.

same here.

GrouchyAdmin · 12-01-2010, 02:22 PM

As mentioned several times, ZendGuard is a dumb idea. It won't even work with PHP>5.2, and it's very hackish, and easy to decrypt. ionCube takes a bit more work, but if you're trying to keep it your own intellectual property, your best bet, as mentioned, is to encode the licensing bit, and ensure it uses an external call to your own servers every so often for an update.

Sure, if it's as simple as a 'return true/false', it's not gonna be hard to mess with, but if you make it a bit more inline for functionality, it'll likely be worth their time to just buy it rather than steal it.

Varius · 12-01-2010, 02:33 PM

Agree with others above; if you want to secure it, offer it as a service from your own servers or through an API.

If you want people to install it on their side, don't encrypt it - it's not worth the hassle.

Will some people spread your software around for free or run it across multiple sites, losing you potential revenue? Of course. Will you still be able to make a profit on a solid product? You sure can.

Zyber · 12-01-2010, 03:10 PM

Quote:

Originally Posted by myneid

the only way you can protect your source is by selling it as a servivce and hosting it yourself.

We have a winner!

HomerSimpson · 12-01-2010, 03:24 PM

Zend or Ioncube

qw12er · 12-01-2010, 08:59 PM

Quote:

Originally Posted by Zyber

We have a winner!

no we don't ... my clients are banks and mainstream corp. that won't let their data pass through an other server than the one they give me access.

It's a 200k $ software that deal with test (which is oftenly confidential) data.
(It's more than 80 000 lines of code)

I need something really strong and professional ...

raven1083 · 12-01-2010, 10:04 PM

ask those who are knowledgeable 'bout it

lagcam · 12-01-2010, 11:45 PM

Quote:

Originally Posted by qw12er

no we don't ... my clients are banks and mainstream corp. that won't let their data pass through an other server than the one they give me access.

It's a 200k $ software that deal with test (which is oftenly confidential) data.
(It's more than 80 000 lines of code)

I need something really strong and professional ...

You are worried that people paying $200k for your software are going to hack it, copy it or resell it?

I think you need to step out from that dark programming room, breathe some air and study the basic principles of business for a while.

12-01-2010, 09:08 AM	#1
qw12er Confirmed User Join Date: Apr 2004 Location: Montreal Posts: 799	Best way to protect your PHP software ? I'm about to deploy a php software onto a client server. What is my best way to make sure he doesn't alter/read/modify or make a copy of my software ? Zend Guard seems the best approach but is it really ? What are my other options ? thanks __________________ I have nothing to advertise ... yet.

12-01-2010, 09:19 AM	#2
brassmonkey Pay It Forward Industry Role: Join Date: Sep 2005 Location: Yo Mama House Posts: 76,946	you cant its all crackable even ion cube __________________ TRUMP 2025 KEKAW!!! - Support The Laken Riley Act!!! END DACA - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

12-01-2010, 09:31 AM	#4
ottopottomouse She is ugly, bad luck. Industry Role: Join Date: Jan 2010 Posts: 13,177	There's a deZender thing floating about that any idiot (no brains needed) could use on it. __________________ ↑ see post ↑ 13101

12-01-2010, 09:43 AM	#7
qw12er Confirmed User Join Date: Apr 2004 Location: Montreal Posts: 799	any other options !? __________________ I have nothing to advertise ... yet.

12-01-2010, 09:54 AM	#10
Brujah Beer Money Baron Industry Role: Join Date: Jan 2001 Location: brujah / gmail Posts: 22,157	Why do you want to keep him from reading it or modifying it? Don't encode your software! __________________ Free Premium Domain Lists and Tools at Clickmojo.com For Sale: Obscenity.com

12-01-2010, 09:57 AM	#11
qw12er Confirmed User Join Date: Apr 2004 Location: Montreal Posts: 799	because I need to put the files on their server ... __________________ I have nothing to advertise ... yet.

12-01-2010, 11:34 AM	#12
Broda Confirmed User Join Date: Feb 2003 Location: CheapAssDesigns.com Posts: 1,874	Chances are that he really has no interest in cracking it. If he does, he'll find a way around it, no matter how you encode it. So to make it ever more difficult for him, why don't you obfuscate the hll out of it? And apply plenty of evals where possible, as well. That would at least give you the satisfaction of knowing that it'll be a pain in the ss for whomever's going to crack it. A word of advice on that: remember to keep an unobfuscated copy for yourself ;) hehe __________________ CheapAssDesigns.com - when you need quality designs at affordable prices. icq: 230-729-205 info \|at\| cheap ass designs dot com

12-01-2010, 12:03 PM	#16
u-Bob there's no $$$ in porn Industry Role: Join Date: Jul 2005 Location: icq: 195./568.-230 (btw: not getting offline msgs) Posts: 33,063	<--- never buys encoded scripts.

12-01-2010, 12:18 PM	#18
czarina Webmaster Extraordinaire Industry Role: Join Date: Jul 2002 Location: A beautiful beach... Posts: 10,744	use flash

12-01-2010, 02:22 PM	#22
GrouchyAdmin Now choke yourself! Industry Role: Join Date: Apr 2006 Posts: 12,085	As mentioned several times, ZendGuard is a dumb idea. It won't even work with PHP>5.2, and it's very hackish, and easy to decrypt. ionCube takes a bit more work, but if you're trying to keep it your own intellectual property, your best bet, as mentioned, is to encode the licensing bit, and ensure it uses an external call to your own servers every so often for an update. Sure, if it's as simple as a 'return true/false', it's not gonna be hard to mess with, but if you make it a bit more inline for functionality, it'll likely be worth their time to just buy it rather than steal it. __________________ AIM: GrouchyGfy

12-01-2010, 02:33 PM	#23
Varius Confirmed User Industry Role: Join Date: Jun 2004 Location: New York, NY Posts: 6,890	Agree with others above; if you want to secure it, offer it as a service from your own servers or through an API. If you want people to install it on their side, don't encrypt it - it's not worth the hassle. Will some people spread your software around for free or run it across multiple sites, losing you potential revenue? Of course. Will you still be able to make a profit on a solid product? You sure can. __________________ Skype variuscr - Email varius AT gmail

12-01-2010, 03:24 PM	#25
HomerSimpson Too lazy to set a custom title Industry Role: Join Date: Sep 2005 Location: Springfield Posts: 13,826	Zend or Ioncube __________________ Make a bank with Chaturbate - the best selling webcam program Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!! PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 \| Email:

12-01-2010, 10:04 PM	#27
raven1083 Confirmed User Join Date: Jul 2007 Posts: 7,687	ask those who are knowledgeable 'bout it __________________ Femdom Stories \| Bound BBW Blog and Videos \|Bondage Sex Videos and Pictures Hardcore Japanese Bondage \| BDSM Movies And Galleries Mistress Cuckold CBT