Some things are changing … soon
I was supposed to be on the new payment model for CommentLuv Premium by now.
but I couldn’t for 2 reasons…
1. health reasons are the main cause
2. I bought a house!
combine 1 and 2 and you have a recipe for arrrrggghh!
First thing to change…
Before I move everything to a new payment model with 6 monthly subscription for updates (and some really nice extras) I have to set the plugin security to use ionCube
If you don’t know, ionCube is a way to encode a php file so it can’t be reverse engineered or nulled.
You have to have the ioncube loader installed to your server but luckily, almost all decent hosting has it already.
hostgator hosting has it
rackspace does too
and many others
I tried obfuscation of the code and that works up to a point but once it has been cracked, it’s basically game over unless you want to spend ages sending out DMCA notices (which I’ve done before – successfully)
I know it wont be popular with a few people.
mainly those with cheap and nasty hosting or self built or co-located servers where there was no need for the owner to install php with ioncube included.
thankfully I’ve been monitoring CommentLuv Premium stat checks for the past month and a half and the number of sites without ioncube is very small
although, in most cases where ioncube isn’t installed – it can be!
it’s not a security risk and it doesn’t tax the server resources so there’s no reason why a hosting provider can’t install it to someones hosting.
When the new payment model comes in, I want to try some free trial packages
and also monthly subscription based payment systems instead of the one big lump sum
having unprotected code with these types of systems is not good if someone cracks it and it goes out on blackhat forums
trust me, I monitor those forums and it constantly surprises me at how quick something appears as nulled so soon after it was released.
I have issued DMCA warnings to some sites and gotten commentluv taken off and added to the ‘don’t crack’ list
but for the time it is up it hurts for two reasons..
1. it means lost money!
2. more than money lost, it is dangerous because cracked or nulled versions can’t get updated and any bugs or worse, vulnerabilities, wont get patched.
the nulled version of commentluv that is going around has a serious security problem.
I managed to fix it very quickly in the legitimate version but the nulled one still has the bug and no chance of getting it patched because, well, it’s an illegal copied version. (btw…no legitimate customer has the bugged version)
(it’s a pretty serious bug too so if you have a nulled version, expect to get your site owned by a hacker soon)
First thing that I need to do is update the plugin and auto update system to not allow updating to a version that has IonCube encoded files if the server doesn’t have the extension installed
then I have to make sure that any auto updates from old versions that don’t send the IonCube status of the server to download the non-ioncube version first.
this is something I have been thinking about for quite a while and I’m pretty sure I know what to do so it is as smooth as possible to transition to the new code
the work starts after the weekend… (if my hands and eyes are working properly) <- health issues!
I’ll be sure to get some knowledgebase articles ready before it gets implemented..