I dont know what to say. About 3 days ago I released a script to the public. Today I realised, after searching on google that someone had already nulled (removed my protection) and pirated the script.
Ad Server Script Nulled Script
Download: https://distlittblacem.blogspot.com/?l=2tLSj4
Any code that is released public has a chance of being hacked. This is the number one reason why Javascript is not secure. No matter how much you will obfuscate it, compress it or translate it to some random japanese dialect, it is still source code that the user has access to. Hence it should not contain any sensible information such as passwords or such. All sensible data should be stored in the server side where it is kept hidden from the user.
If you are releasing a php framework containing both the server and client code; then you have no way of fully protecting yourself. PHP is, like Javascript, an interpreted language. You may translate it, compress it, or obfuscate it as much as you want, (and it's probably the best thing you can do) you will never fully protect it when released to the public.
Also keep in mind that DRM and other solutions are often controversial, and will reduce your sales (especially among early-adopters). On a personal level, I would suggest viewing this as a compliment. After all, your script was useful enough that someone bothered to pirate it within a week!
PHP is easily decoded, so for people who really want to know, it's easy to find out the source code. However, there are certain obfuscator programs such as this one that'll make your PHP script almost unreadable for those trying to decode it.
Try ionCube or Zend Guard. They are both commercial offerings, but you say that you are selling your software so it might be worth it. Although nothing is foolproof and can be reverse engineered with enough effort and technical skill, these solutions are probably good enough for the average PHP script vendor.
I agree with Samoz's suggestion to keep the logic server side, however this can often be hard to do. The best strategy is to make the user want to buy it by offering updates automatically to registered users, as well as installation, advice and good support. You are never going to sway people hell bent on pirating, however your goal should be to persuade those who are undecided as to whether to pirate or purchase the script.
Jumping in very late to this conversation, but saw this question featured. Nobody mentioned contacting a lawyer and pursuing litigation. You likely saw the script on a server - hosted by a known hosting company - you can probably get a DMCA takedown to have the script removed. If you really press the case, you may be able to sue for damages.
If your script won't consume a lot of bandwidth, you could keep your \"logic\" server-side, as samoz suggested, but if your users won't use it responsively ( a crawler, for example ), this could be trouble.
In general it's hard to prevent users from stealing code when the program is written in a scripting language and distributed in plain text. I've found that did a really nice job of being able to sell PHP code but still give the code to users.
Nulled scripts are commercial web applications that you can obtain from pirate websites that have been modified to work without a license key. They are the web equivalent of pirated software. They include commercial WordPress themes and plugins.
Yeah, I knew about this some months ago.I downloaded a script for study and suddenly my Avast! Antivirus alerted.On scanning I discovered social.png was the culprit.So I simply used the antivirus to remove it and then saw the above php code in the theme files and removed it too.Now it is standard practice to scan every theme I get no matter the source. Safer that way.
This is something you need to pay particular attention with when switching themes. There are certain themes that have features where you can add the meta description, title tags, etc from the theme backend.
Het Nederlandse beveiligingsbedrijf Fox-IT ontdekte dat er duizenden plug-ins en thema's voor de populaire contentmanagementsystemen in omloop zijn die voorzien zijn van CryptoPHP. Van die malware zouden inmiddels zestien verschillende versies zijn. Het bedrijf schat dat er minstens een paar duizend sites besmet zijn. De ontwikkelaars van CryptoPHP zouden sitebeheerders verleiden met illegale versies van add-ons, waar ze normaal gesproken voor zouden moeten betalen. Zo kwamen de scripts van onder andere de Nulledstyles.com- en Dailynulled-sites met zogenoemde 'nulled scripts'. 076b4e4f54