• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

How do you protect your work?

CrispinP

Well-known member
#1
Folks,

I am about to release a new paid-for add-on and was wondering - how do others with paid add-ons protect their work?

Seeing as it is PHP and the user will have the source, it's almost impossible for me to put a phone-home-and-check-key feature in because it can be commented out.

So, unless there is a way to compile php to a binary then what options do people have? I know there are null communities out there, I've browsed them but never actually used them.

Curious...

C.
 

Kirk

Well-known member
#2
Folks,

I am about to release a new paid-for add-on and was wondering - how do others with paid add-ons protect their work?

Seeing as it is PHP and the user will have the source, it's almost impossible for me to put a phone-home-and-check-key feature in because it can be commented out.

So, unless there is a way to compile php to a binary then what options do people have? I know there are null communities out there, I've browsed them but never actually used them.

Curious...

C.
Well what i see other developers do is a API callback to their API server to see if the license is at the correct site or invalid for the site.
 

CrispinP

Well-known member
#4
Well what i see other developers do is a API callback to their API server to see if the license is at the correct site or invalid for the site.
But what stops me (or some naughty person) from commenting out that line and returning true? Or is it not really a problem because people have actually paid for them so they're less likely to spread them around?


There are however some strict guidelines surrounding that approach.
Thanks for that. It's all sensible. I've been catching up on the thread about ****** (or was it *******? :p) Pretty unfortunate but seems to have been handled well.
 

rainmotorsports

Well-known member
#5
Thanks for that. It's all sensible. I've been catching up on the thread about ****** (or was it *******? :p) Pretty unfortunate but seems to have been handled well.
It was *** ** **** ** ****** ** ****. Certain things we don't speak about here.

If you are a US dev feel free to throw 30 bucks at copyrighting a major work. Either way if an XF dev is obviously stealing code make complaints. If you catch a pirate serve their host with a DMCA request if its US based. Take some easy actions but don't invest your life into it.

Your code is getting jacked, your plugins will be pirated. Every moment you spend worrying about it or trying to prevent it will likely be time spent not making money.
 
#8
But what stops me (or some naughty person) from commenting out that line and returning true? Or is it not really a problem because people have actually paid for them so they're less likely to spread them around?
Since you can't distribute binaries, you can't really prevent this. Also I would not recommend to sacrifice performance over piracy prevention, never works out well. :)

But you could rely on pirates being lazy. Commenting out a licence check callback is pretty easy. But if your addon creates some front end templates that will get exposed to search engines, you could search for addon-specific code snippets and check if there are any sites in the results that you never heard of. ;)
 

CrispinP

Well-known member
#9
But if your addon creates some front end templates that will get exposed to search engines, you could search for addon-specific code snippets and check if there are any sites in the results that you never heard of. ;)
Quite like that idea. Easter eggs of yesteryear :)
 
#10
Quite like that idea. Easter eggs of yesteryear :)
Prefixed css classes work out quite well here. Something like "magefh_addonname_container".

If someone would want to remove that they have to scour all the templates and css files of the addon. Depending on the addon size this could be a pretty time-consuming task.
 

Xon

Well-known member
#11
Since you can't distribute binaries, you can't really prevent this. Also I would not recommend to sacrifice performance over piracy prevention, never works out well. :)
I've got my MIT licenced free add-ons showing up on null-ware sites.

I haven't been bothered enough to see if they are stripping the LICENCE file out of the distributable zip to see if they are copying it without permission :p
 

CrispinP

Well-known member
#13
I've got my MIT licenced free add-ons showing up on null-ware sites.

I haven't been bothered enough to see if they are stripping the LICENCE file out of the distributable zip to see if they are copying it without permission :p
That's what it boils down to isn't it. is it worth the hassle? :(
 

Snog

Well-known member
#14
One of your best defenses is the XenForo License Validation. XenForo takes an active roll in taking action against those that violate it's licensing terms (see restrictions and termination sections of the license agreement). That's not to say it's perfect, but it is a big help. Many of us don't even allow posting in our add-on forums until the member has validated their XF license.
 
Last edited:

rainmotorsports

Well-known member
#15
One of your best defenses is the XenForo License Validation. XenForo takes an active roll in taking action against those that violate it's licensing terms (see restrictions and termination sections of the license agreement). That's not to say it's perfect, but it is a big help. Many of us don't even allow posting in our add-on forums until the member has validated their XF license.
Only it has the added hassle that I have with your site at the moment lol. I keep having our owner @Soulzz generate and send validation tokens and they wont work so we can get updates. I try to use my license and of course it tells me the domain doesn't match. Fast (vetsfast) is the one that bought the actual plugin though.
 

Snog

Well-known member
#16
Only it has the added hassle that I have with your site at the moment lol. I keep having our owner @Soulzz generate and send validation tokens and they wont work so we can get updates. I try to use my license and of course it tells me the domain doesn't match. Fast (vetsfast) is the one that bought the actual plugin though.
Have you tried contacting me on my site?

Under normal circumstances, the only one that can download the add-on is vetsfast (he owns the add-on). And he has not been on my site since November of last year. So from that standpoint, the system is working as intended.
 
Last edited:

rainmotorsports

Well-known member
#17
Have you tried contacting me on my site?

Under normal circumstances, the only one that can download the add-on is vetsfast (he owns the add-on). And he has not been on my site since November of last year. So from that standpoint, the system is working as intended.
November is likely the last time I tried. I run the site and the purchases are made from one PayPal by either Soulzz or fast. At the end of the day either they are around to do it or I have to do it. Kind of the reason why Xenforo allows you to attach 4 accounts to access the resource manager here. They know larger sites than us aren't managed by a single person.

I gave up since I won't be able to get them together to handle the situation. I believe at one point you had to wipe the validations from your site or something.

Pretty much no one but Xenforo is setup for multiple users and even then validation is only setup for the customer account.
 

Snog

Well-known member
#18
November is likely the last time I tried. I run the site and the purchases are made from one PayPal by either Soulzz or fast. At the end of the day either they are around to do it or I have to do it. Kind of the reason why Xenforo allows you to attach 4 accounts to access the resource manager here. They know larger sites than us aren't managed by a single person.

I gave up since I won't be able to get them together to handle the situation. I believe at one point you had to wipe the validations from your site or something.

Pretty much no one but Xenforo is setup for multiple users and even then validation is only setup for the customer account.
Actually I am set up for more than one user, but it is a manual process.

Contact me on my site by PC. I'll need some information that shouldn't be posted in public.