New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Is their any IP proxy farrowed instead of incapsula/cloudflare
in short I want to hide my VPS address only I don't need cache/CDN. I tried **cloudflare **but they stupidly don't purge cache even after I setup Develop mode .
I tried **incapsula **free plane after I finish setup I discover they Put their shty brand logo inn my site foot Like old stupid free hosting .
I'm developing PHP script and offer free testing for potential client but I dont want expose my server IP to my competitions + i don't need cache at all since I modify CSS/php file frequency
Comments
for cloudflare, you sure it's not your local browser gets in the way ?
how about set up a individual VPS to proxy yourself with ?
it's gonna be few dollar per month only
https://en.wikipedia.org/wiki/Security_through_obscurity
Just rent a small VPS and setup nginx/etc as a proxy.
This. Even the smallest yearly plans will do just fine as a reverse proxy so $10 - $15 per year should be doable. It gets a bit pricier if you want DDoS protection but still pretty affordable i'd say.
Nope I clear the cache and I use different brows the same css file not changed ,
it take effect only after Purge cache manually from cloadflare panel . I think even in develop mode CF still use cache for period of time , this is the main reason I cant use it
The VPS are already small with budget yearly plane , current I don't have any way to do payment via internet , so I cant now buying new VPS .
anyway the reason I need to hide server real IP is to protect it from hacking attempts , I already secured my PHP codes but I'm not profession in security that way I want to be sure so no one can access my vps and stole my projects codes .
Then you're not going to have much luck.
never ever sell your product to anyone
ever
I know I think I'll be back to Cloadflare BTW the VPS are still the same of HV host , It's offline now OMG
Before I post it's back now but after embarrassed me with my customer .
consider learning to spend money on a proper vps?
I know but I need some cash now I was thinking sell it as SaaS but I don't have capita to prompt it . If the project finished I will tried to compile some of it parts to .so so PHP load it as machine codes (I'l use Zephir for that )
Why not use BunnyCDN with caching turned off? They use nginx proxy pass so it would be just like using a VPS nginx proxy but will cost less (if you use low traffic) and will be easier to manage. @BunnySpeed
You can set a page rule or a custom Cache-Control header in your webserver to bypass cloudflare caching for certain locations (even if there's Cache Everything page rule already enabled), provided that you set Browser Cache Expiration to Respect Existing Headers if you used custom header.
from: https://support.cloudflare.com/hc/en-us/articles/202775670-How-Do-I-Tell-Cloudflare-What-to-Cache-
As if that is an actual copy protection.
christ.
Not for another 10 days..
oh come on, OP fell for the "Cloudflare mentality" and believes that hiding an IP would harden his box somehow. if it's hackable, it will be hacked no matter what. possibly, a false sense of security would be even more dangerous to him given that his "security via obscurity" approach is possibly lacking in different areas (you're not even really obfuscating anything if you keep ssh on port 22 with PermitRootLogin: Yes and password "admin"). Consider that he has issues with CF's "Development mode"..
Once he has changed the root password to something sensible, stopped all the unused & unwarranted services and allowed only the nginx server on port 80/443, he's ready to create wonderful & precious byte-compiled PHP code
Best of luck to him
do you have better solution ! since I don't have Paypal to use Ioncube.
Even I know you are trolling but I already said I had no other options for now , btw ssh port already secured no one can reach it easy , but I'm aware from competitions not from newibe hackers since they hire expert to take down each others and that happened to friend of mine got huge DDoS attack to shutdown his site and make customers run away ,
I already set expires -1; with no effect , I may try to retest with other values
Nope. It would'nt change that much anyways. You wont find any out of the box copy protection worth shit. They all get broken. Usualy rather easily by any somewhat determined person. If you really want to go that route you will probably invest 100x more time into researching and implementing the protection than you spend on your actual project and unless you have a lot experience at low level programming just forget about it.
You could look into wartermarking. Not sure how that works out for PHP but it is usualy way more practical and effective than trying to copy protect something as you basically accept that you can't stop people from doing it but the marks will tell you who did it and by that you can exclude them from receiving updates or however you wanted to penalize it.
Just add a random query string to your file, like /thingy.php?r=12432342. Then, reload with different string. Should bypass the cache.
I'm not afraid from newbie hackers/crackers etc , most of my customers are not that expert in programing they cant break small code protections , all I need is time while until i build my brand name and the script got popular , even if someone steal it they cant pretend they are the one who make it , their is big chance on market i work in that any company steal my project and prompt it from themselves and I saw this happened multiple time m they steal developer work and claim it owned by them , Since they have big fund they will reach the audience very fast and I will lost all my rights ,
cracking compiled machine code script not an easy task and very expensive to them so they don't wast money on it ,
As far as getting (clear) source code is concerned you are right. On the other hand simply cracking it is not that much of a problem.
Edit: Guess i was wrong about that. A simple search turned up a handful of tools that seem to decode ionCube just fine.
we know easy4you.eu that does ioncube v9 decoding but we tested it against our ioncube v9 and v10 encoded php files and with the settings we set in the encoder they couldn't get anything decoded it gave a blank php file so not exactly depends on how "secure" you set the ioncube encoder settings on how easily crackable it is.
btw that for version 8 they have version 10 now , even I tried decode trial version of ver 9 and all online tools failed to decode it , As i mention earlier all I want is time and make the code looks hard to decode so the giveup earlier .
you can remove their brand logo, look at general setting -> web seal.
Google does not contain the real cracking, phreaking, or any tools worth a shit.
If some one wants to crack it WILL be cracked.
Ioncube has and WILL be cracked again. (yes even on the highest secure settings)
The guys that do this type of thing DO NOT run websites, nor do they publish they can do these things.
You CAN NOT hide the IP of a box connected to the internet. If anyone says they can they are full of shit.
Code obfuscation beats most newbs but in no way should be used as "security"
Yep, times when there was an open scene for those types of things are long gone or at least you have to know where to look for one of the few remaining places that have not died or moved underground years and years ago. What finds its way to the public usually leaked somewhere. So these tools are very likely to exist even if the top 5 results in google are outdated. It'll just take some time for them to leak again or a bit more effort to locate a source.
I'd humbly suggest OP at this point to stop wondering about how to crypto-hide his precious PHP and learn how to
properly secureminimally administer a demo-site, it seems he's pretty much focusing a lot of efforts in the wrong directions. Rather than worrying about obfuscating a script, he could learn how to provide a service or how to adoptnoderubya saner language. Rather than messing with proxies he could minimally learn how to drop packets and stop services. I have a hard time believing that State level adversaries are hunting his 128MB OVZ featuring PHP code like nobody's business, clogging his providers' pipes to the nullroute point of no returnapp-c83Sd4.cssOvh SSL gateway? It's intended to give you a free SSL but acts as a proxy as well. Bonus is you'll benefit from their Ddos protection at the same time.