How do you protect your work?

CrispinP

CrispinP

Well-known member
Folks,

I am about to release a new paid-for add-on and was wondering - how do others with paid add-ons protect their work?

Seeing as it is PHP and the user will have the source, it's almost impossible for me to put a phone-home-and-check-key feature in because it can be commented out.

So, unless there is a way to compile php to a binary then what options do people have? I know there are null communities out there, I've browsed them but never actually used them.

Curious...

C.
 
CrispinP said:
Folks,

I am about to release a new paid-for add-on and was wondering - how do others with paid add-ons protect their work?

Seeing as it is PHP and the user will have the source, it's almost impossible for me to put a phone-home-and-check-key feature in because it can be commented out.

So, unless there is a way to compile php to a binary then what options do people have? I know there are null communities out there, I've browsed them but never actually used them.

Curious...

C.
Click to expand...
Well what i see other developers do is a API callback to their API server to see if the license is at the correct site or invalid for the site.
 
Kirk said:
Well what i see other developers do is a API callback to their API server to see if the license is at the correct site or invalid for the site.
Click to expand...
But what stops me (or some naughty person) from commenting out that line and returning true? Or is it not really a problem because people have actually paid for them so they're less likely to spread them around?


Chris D said:
There are however some strict guidelines surrounding that approach.
Click to expand...
Thanks for that. It's all sensible. I've been catching up on the thread about ****** (or was it *******? :p) Pretty unfortunate but seems to have been handled well.
 
CrispinP said:
Thanks for that. It's all sensible. I've been catching up on the thread about ****** (or was it *******? :p) Pretty unfortunate but seems to have been handled well.
Click to expand...

It was *** ** **** ** ****** ** ****. Certain things we don't speak about here.

If you are a US dev feel free to throw 30 bucks at copyrighting a major work. Either way if an XF dev is obviously stealing code make complaints. If you catch a pirate serve their host with a DMCA request if its US based. Take some easy actions but don't invest your life into it.

Your code is getting jacked, your plugins will be pirated. Every moment you spend worrying about it or trying to prevent it will likely be time spent not making money.
 
  • Like
Reactions: Xon
CrispinP said:
But what stops me (or some naughty person) from commenting out that line and returning true? Or is it not really a problem because people have actually paid for them so they're less likely to spread them around?
Click to expand...

Since you can't distribute binaries, you can't really prevent this. Also I would not recommend to sacrifice performance over piracy prevention, never works out well. :)

But you could rely on pirates being lazy. Commenting out a licence check callback is pretty easy. But if your addon creates some front end templates that will get exposed to search engines, you could search for addon-specific code snippets and check if there are any sites in the results that you never heard of. ;)
 
MaGeFH said:
But if your addon creates some front end templates that will get exposed to search engines, you could search for addon-specific code snippets and check if there are any sites in the results that you never heard of. ;)
Click to expand...
Quite like that idea. Easter eggs of yesteryear :)
 
CrispinP said:
Quite like that idea. Easter eggs of yesteryear :)
Click to expand...

Prefixed css classes work out quite well here. Something like "magefh_addonname_container".

If someone would want to remove that they have to scour all the templates and css files of the addon. Depending on the addon size this could be a pretty time-consuming task.
 
MaGeFH said:
Since you can't distribute binaries, you can't really prevent this. Also I would not recommend to sacrifice performance over piracy prevention, never works out well. :)
Click to expand...
I've got my MIT licenced free add-ons showing up on null-ware sites.

I haven't been bothered enough to see if they are stripping the LICENCE file out of the distributable zip to see if they are copying it without permission :p
 
Xon said:
I've got my MIT licenced free add-ons showing up on null-ware sites.

I haven't been bothered enough to see if they are stripping the LICENCE file out of the distributable zip to see if they are copying it without permission :p
Click to expand...
That's what it boils down to isn't it. is it worth the hassle? :(
 
One of your best defenses is the XenForo License Validation. XenForo takes an active roll in taking action against those that violate it's licensing terms (see restrictions and termination sections of the license agreement). That's not to say it's perfect, but it is a big help. Many of us don't even allow posting in our add-on forums until the member has validated their XF license.
 
Last edited:
Snog said:
One of your best defenses is the XenForo License Validation. XenForo takes an active roll in taking action against those that violate it's licensing terms (see restrictions and termination sections of the license agreement). That's not to say it's perfect, but it is a big help. Many of us don't even allow posting in our add-on forums until the member has validated their XF license.
Click to expand...

Only it has the added hassle that I have with your site at the moment lol. I keep having our owner @Soulzz generate and send validation tokens and they wont work so we can get updates. I try to use my license and of course it tells me the domain doesn't match. Fast (vetsfast) is the one that bought the actual plugin though.
 
rainmotorsports said:
Only it has the added hassle that I have with your site at the moment lol. I keep having our owner @Soulzz generate and send validation tokens and they wont work so we can get updates. I try to use my license and of course it tells me the domain doesn't match. Fast (vetsfast) is the one that bought the actual plugin though.
Click to expand...
Have you tried contacting me on my site?

Under normal circumstances, the only one that can download the add-on is vetsfast (he owns the add-on). And he has not been on my site since November of last year. So from that standpoint, the system is working as intended.
 
Last edited:
Snog said:
Have you tried contacting me on my site?

Under normal circumstances, the only one that can download the add-on is vetsfast (he owns the add-on). And he has not been on my site since November of last year. So from that standpoint, the system is working as intended.
Click to expand...

November is likely the last time I tried. I run the site and the purchases are made from one PayPal by either Soulzz or fast. At the end of the day either they are around to do it or I have to do it. Kind of the reason why Xenforo allows you to attach 4 accounts to access the resource manager here. They know larger sites than us aren't managed by a single person.

I gave up since I won't be able to get them together to handle the situation. I believe at one point you had to wipe the validations from your site or something.

Pretty much no one but Xenforo is setup for multiple users and even then validation is only setup for the customer account.
 
rainmotorsports said:
November is likely the last time I tried. I run the site and the purchases are made from one PayPal by either Soulzz or fast. At the end of the day either they are around to do it or I have to do it. Kind of the reason why Xenforo allows you to attach 4 accounts to access the resource manager here. They know larger sites than us aren't managed by a single person.

I gave up since I won't be able to get them together to handle the situation. I believe at one point you had to wipe the validations from your site or something.

Pretty much no one but Xenforo is setup for multiple users and even then validation is only setup for the customer account.
Click to expand...
Actually I am set up for more than one user, but it is a manual process.

Contact me on my site by PC. I'll need some information that shouldn't be posted in public.
 
You must log in or register to reply here.

Similar threads

B
  • Question Question
XF 2.2 How do you make a user an administrator?
Replies
2
Views
21
bennylava
B
R
How do you work on SEO in your Forum?
Replies
3
Views
118
Rycky
R
Danny88
How do you properly do backup in live site?
Replies
14
Views
1K
Paul B
P
AjayJunkies
How do you feel forums have changed over the last 15 years? What do you miss?
Replies
5
Views
151
javakhir
javakhir
fionix
How do you avoid your server IP to be leaked using Cloudflare?
2
Replies
21
Views
261
MentaL
MentaL
Back
Top Bottom