如何阻止海盗? 有人已经取消并盗版了我的脚本:(
我不知道该说些什么。 大约三天前,我向公众发布了一个脚本。 今天我在谷歌上搜索后意识到有人已经取消了(取消了我的保护)并盗版了该脚本。
如何阻止用户盗版脚本? 它是用 PHP 编写的。
请帮助或建议一些解决方案。
感谢您的时间。
更新 通过向公众发布意味着我已经开始将其出售给用户。
更新 我的程序价格仅为 49 美元。 对于它提供的功能来说非常合理。 我不明白应该如何阻止盗版者盗用我的代码。 大多数人的回答都带有讽刺意味。 我希望得到一些好的建议。 我知道没有灵丹妙药。 但是您在 PHP 程序中使用过一些技术。
I dont know what to say. About 3 days ago I released a script to the public. Today I realised, after searching on google that someone had already nulled (removed my protection) and pirated the script.
How do I stop users from pirating the script? It is written in PHP.
Please help or suggest some solutions.
Thank you for your time.
UPDATE By releasing to the public means that I have started selling it to users.
UPDATE My program is priced at only $49. Very reasonable for the functionality it offers. I do not understand how I should stop pirates from pirating my code. The replies which most people have given are rather sarcastic. I was hoping for some good advice. I know there is no silver-bullet. But some techniques which you have used in your PHP programs.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(23)
混淆确实添加了一些东西。 尝试修改你的代码不会很有趣,至少即使他们可以采用它的第一个版本。 在最好的情况下,他们会尝试找到一些做类似事情的开源项目。 我猜这至少可以快速解决您的问题?
Obfuscation do add something. It will not be fun to try to modify your code at least even if they can take the first version of it. In best case they will try to find some open source project that does something similar. Guess this would give you an fast fix at least for your problem?
防止盗版的唯一真正方法是根本不向用户提供程序! 我的意思是让您想要保护的逻辑保留在服务器端并提供客户端接口。
有一些公司提供保护服务,但这些服务价格昂贵,有时仍然可以克服。
如果您担心这种情况再次发生,请尝试混淆您的代码。 这里是一个免费程序,可以在 PHP 代码上执行此操作。
The only real way to prevent piracy is to not give the user the program at all! What I mean by this is have the logic you want to protect remain server side and offer a client interface.
There are a few companies that offer protection services, but these are expensive and can sometimes still be overcome.
If you're worried about this happening again, try obfuscating your code. Here is a free program to do just that on PHP code.
我并不是想在这里讽刺:忘记他们吧。 这是我的理由:
您可以花费大量时间尝试
防止盗版者盗用您的
东西,或者你可以花同样的钱
支付费用的时间
用户更多的功能。
极端的版权保护只会给您的付费用户带来更多好处
跳过铁环来使用你的
应用程序 - 这可能会引导他们
感到沮丧。
盗版者会盗版您的应用程序
无论你花费多少时间
试图阻止他们。
预算一定
投入基本副本的时间
保护 - 足以保持
诚实的人诚实。
最重要的是:不要激怒您的付费客户。
它们是你需要做的
快乐。
I'm not trying to be sarcastic here: forget about them. Here's my rationale:
You can spend tons of time trying to
prevent pirates from pirating your
stuff, or you can spend the same
amount of time giving your paying
users more functionality.
Extreme copy protection does not give your paying users anything but more
hoops to jump through to use your
application - which might lead them
to get frustrated.
Pirates will pirate your applications
no matter how much time you spend
trying to stop them.
Budget a certain
amount of time to put in basic copy
protection - just enough to keep the
honest people honest.
Most importantly: Don't irritate your paying customers.
They are the ones you need to make
happy.
你无能为力。
受宠若惊,您的工作被认为是值得的!
There's not much you can do.
Be flattered your work was deemed worth the effort!
不要向公众发布合理的源代码...
[编辑] 经过几次否决后,我决定对我的答案发表评论:
任何公开发布的代码都有一个被黑客攻击的机会。 这是 Javascript 不安全的首要原因。 无论你如何混淆它、压缩它或将其翻译成某种随机的日语方言,它仍然是用户拥有的源代码
如果您要发布一个包含服务器和客户端代码的 php 框架; 那么您就无法完全保护自己。 PHP 与 Javascript 一样,是一种解释性语言。 您可以根据需要对其进行翻译、压缩或混淆(这可能是您能做的最好的事情),当向公众发布时,您将永远完全保护它。
再说一遍……如果有一种神奇的方法可以防止代码被破坏,那么它早就为人所知了。 现在新游戏/软件的无光盘补丁/破解几乎与软件本身在同一天发布。 正如保罗所指出的,这是对你的一种奉承,尽管我理解你可能会感到多么遗憾。
在某些情况下,程序员最终会获得防弹保护,但通常涉及高-结束工程。
Do not release sensible source code to the public...
[EDIT] After a few downvotes, I decided to comment on my answer:
Any code that is released public has a chance of being hacked. This is the number one reason why Javascript is not secure. No matter how much you will obfuscate it, compress it or translate it to some random japanese dialect, it is still source code that the user has access to. Hence it should not contain any sensible information such as passwords or such. All sensible data should be stored in the server side where it is kept hidden from the user.
If you are releasing a php framework containing both the server and client code; then you have no way of fully protecting yourself. PHP is, like Javascript, an interpreted language. You may translate it, compress it, or obfuscate it as much as you want, (and it's probably the best thing you can do) you will never fully protect it when released to the public.
Again... If there was a magic way to prevent code from being broken, it would have been known for a long time. No-cd patches / cracks for new games/softwares now are almost released the same day as the softwares themselves. It is, as noted by Paul, a form of flattery for you, even though I understand how sorry you may feel.
There are a few instances where programmers ended up with bullet-proof protection, but it usually involved high-end engineering.
对于 PHP,你基本上不走运。 它是一种解释性语言,这意味着您基本上被迫放弃源代码。 当然,存在混淆器(“扰乱”源代码以使其几乎无法被人类阅读的工具),但它们也可以被规避。
有像 Zend Guard 这样的产品似乎提供了更好的保护级别,但是据我了解,您的客户也需要安装 Zend Guard,但这种情况几乎从来没有发生过。
With PHP, you're mostly out of luck. It's an interpreted language, which means that you are essentially forced to give away the source code. Sure, there are obfuscators (tools that "scramble" the source code to make it near impossible to read for humans), but they can be circumvented as well.
There are product like Zend Guard which seem to offer a better level of protection, but from my understanding, your customers need Zend Guard installed as well, which is almost never the case.
有几种方法可以解决这个问题:
可悲的事实是信息无法完全得到保护。 没有办法阻止印度程序员团队对您的程序进行逆向工程。 因此,您只需比他们更好,并不断改进您的产品(这是“一件好事(TM)”,所以无论如何都要这样做)
还要记住,DRM 和其他解决方案经常引起争议,并且会减少您的销售额(特别是在早期采用者中)。 就个人而言,我建议将此视为一种赞美。 毕竟,您的脚本非常有用,以至于有人在一周内费尽心思盗版它!
There are several methods of handling this:
The sad fact is that information cannot be secured completely. There is no way to prevent a team of Indian programmers from reverse engineering your program. So you just have to be better than them, and constantly improve your product (this is "A Good Thing (TM)", so do it anyways)
Also keep in mind that DRM and other solutions are often controversial, and will reduce your sales (especially among early-adopters). On a personal level, I would suggest viewing this as a compliment. After all, your script was useful enough that someone bothered to pirate it within a week!
PHP很容易被解码,所以对于真正想了解的人来说,很容易找到源代码。 然而,有一些混淆器程序,比如这个,它会让你的 PHP 脚本几乎对于那些试图解码它的人来说是不可读的。
PHP is easily decoded, so for people who really want to know, it's easy to find out the source code. However, there are certain obfuscator programs such as this one that'll make your PHP script almost unreadable for those trying to decode it.
无论如何,您认为您已经向 PHP 脚本添加了什么样的保护? 您应该添加一行以下形式的行:
if ($pierated)
exit();
,然后强制(在许可协议中)用户相应地设置
$pierated
变量。What kind of protection did you think you had added to a PHP script, anyway? You should add a line of the form:
if ($pirated)
exit();
and then make it mandatory (in the licence agreement) that users set the
$pirated
variable accordingly.忘记试图阻止它
走CakePHP(参见首页侧边栏)和许多其他开源项目的方式并询问捐款。
人们确实这样做了!
Forget trying to prevent it
Go the way of CakePHP (see sidebar on front page) and many other open source projects and ask for donations.
People actually do it!
联系盗版者并让他知道,如果他们不遵守许可证,您将被迫对他们采取法律行动。
Contact the pirate and let h{im,er} know that you will be forced to take legal action against them if they do not abide by the license.
我同意@Michael 的观点。
尝试 ionCube 或 Zend Guard。 它们都是商业产品,但你说你正在销售你的软件,所以它可能是值得的。 尽管没有什么是万无一失的,并且可以通过足够的努力和技术技能进行逆向工程,但这些解决方案对于普通 PHP 脚本供应商来说可能已经足够好了。
I agree with @Michael.
Try ionCube or Zend Guard. They are both commercial offerings, but you say that you are selling your software so it might be worth it. Although nothing is foolproof and can be reverse engineered with enough effort and technical skill, these solutions are probably good enough for the average PHP script vendor.
我同意 Samoz 保留逻辑服务器端的建议,但这通常很难做到。 最好的策略是通过向注册用户自动提供更新以及安装、建议和良好的支持来让用户愿意购买它。 你永远不会影响那些一心想要盗版的人,但你的目标应该是说服那些犹豫是否要盗版还是购买脚本的人。
任何 PHP 混淆/解密技术都可以被破解
I agree with Samoz's suggestion to keep the logic server side, however this can often be hard to do. The best strategy is to make the user want to buy it by offering updates automatically to registered users, as well as installation, advice and good support. You are never going to sway people hell bent on pirating, however your goal should be to persuade those who are undecided as to whether to pirate or purchase the script.
Any obfuscation/decryption technique for PHP can be cracked
很晚才介入这次对话,但看到了这个问题。 没有人提到联系律师并提起诉讼。 您可能在由知名托管公司托管的服务器上看到了该脚本,您可能可以通过 DMCA 删除来删除该脚本。 如果你真的按案子的话,也许可以起诉要求赔偿。
找到此链接以帮助走这条路线:
http://www.keytlaw.com/Copyrights/cheese.htm
Jumping in very late to this conversation, but saw this question featured. Nobody mentioned contacting a lawyer and pursuing litigation. You likely saw the script on a server - hosted by a known hosting company - you can probably get a DMCA takedown to have the script removed. If you really press the case, you may be able to sue for damages.
Found this link to assist in going this route:
http://www.keytlaw.com/Copyrights/cheese.htm
你总是可以自己将其盗版到互联网上,并希望任何无效者都会认为“它已经被抢走了”,所以不必费心。 但盗版的是真正有缺陷的版本。 当用户向您寻求帮助时,如果他们向您询问您故意添加的特定错误,您就会知道他们有盗版版本,您可以相应地处理他们
You could always pirate it yourself to the internet and hope that any nuller will think "its already been grabbed" so don't bother. But pirate a real buggy version. When users come to you looking for help you'll know they have a pirate version if they question you about specific bugs you purposely added and you can approach them accordingly
如果您的脚本不会消耗大量带宽,您可以将“逻辑”保留在服务器端,如萨莫斯建议的那样,但如果您的用户不会响应地使用它(例如爬虫),这可能会带来麻烦。
另一方面,你也可以成为一名忍者......
If your script won't consume a lot of bandwidth, you could keep your "logic" server-side, as samoz suggested, but if your users won't use it responsively ( a crawler, for example ), this could be trouble.
On the other side, you could become a ninja ...
附上版权声明。 有些公司实际上会关心他们是否正确使用软件。
Attach a copyright notice to it. Some companies will actually care that they're using software properly.
事实上,我认为保护 PHP 脚本比保护桌面软件更容易,因为使用后者你永远不知道谁在运行破解版本。
另一方面,对于 PHP,如果人们在公共 Web 服务器上运行您的软件,您可以轻松找到它们并将其删除。 找个律师然后把他们交给警察就可以了。 如果他们取消对您的保护,从而为您提供更多弹药,也可能违反了 DMCA 法律。
保护代码的技术方法是混淆。 它基本上使您的代码像编译语言(如 Java)中的二进制文件一样不可读。 当然逆向工程是可能的,但需要更多的工作。
Actually I think it's easier to protect PHP scripts than desktop software, because with latter you never know who is running the cracked copy.
In case of PHP on the other hand, if people run your software on public web servers, you can easily find them and take them down. Just get a lawyer and turn them in to the police. They could also be breaking DMCA laws if they remove your protection so that gives you even more ammunition.
Technical way to protect your code is obfuscation. It basically makes your code unreadable like binaries in compiled languages (like Java). Of course reverse engineering is possible, but needs more work.
一般来说,当程序是用脚本语言编写并以纯文本形式分发时,很难阻止用户窃取代码。 我发现 http://feedafever.com/ 在销售 PHP 代码方面做得非常好但仍然将代码提供给用户。
但问题的解决方案很大程度上取决于程序的领域。 该脚本是否在没有互联网连接的用户计算机上运行? 或者这可以是托管服务吗?
我还建议您查看一些您最喜欢的软件,看看它们是如何说服您最初付费的。 我发现的问题并不总是“我如何防止我的用户窃取我的软件”,有时更多的是“我如何说服我的用户向我付款符合他们的最大利益”。 当您的产品定价过高时,软件盗版通常就会出现(询问您的朋友,他们愿意为像您销售的软件包这样的软件包支付多少钱,我发现我的软件历来定价过高 20%)。
无论如何,我希望这会有所帮助。 我很高兴您正在尝试创建对用户有用且不会造成严重损害的软件。 我个人认为所有非收缩包装或 SAAS 的软件都应该免费,但我完全理解我们都需要吃饭。
In general it's hard to prevent users from stealing code when the program is written in a scripting language and distributed in plain text. I've found that http://feedafever.com/ did a really nice job of being able to sell PHP code but still give the code to users.
But the solution to your problem is very dependent on the domain of your program. Does this script run on the users machine with no internet connection? Or could this be a hosted service?
I'd also suggest looking at some of your favorite software, and seeing how they convinced you to pay for it initially. The issue I find isn't always "how can I prevent my users from stealing my software" but sometimes more "how do I convince my users that it's in their best interests to pay me". Software piracy often comes when your product is overpriced (Ask your friends what they would pay for a software package like the one you are selling, I've found that I have historically overpriced my software by 20%).
Anyway, I hope this helps. I'm glad that you are trying to create software that is useful to users and also not incredibly crippled. I personally of the mind that all software that isn't shrink wrapped or SAAS should be free, but I totally understand that we all need to eat.
诀窍不是试图阻止盗版(从长远来看,这是一场失败的战斗),而是使产品的合法版本比盗版版本更容易访问和/或更实用。
“使其更具功能性”通常意味着向注册用户提供涉及附加功能或服务,而这些功能或服务是盗版者无法免费复制的。 这可能是印刷材料(用户手册、礼券等)、电话支持或帮助设置产品等服务,或者软件中的在线附加服务。
我要指出的是,像 RedHat 这样的公司能够通过销售开源软件赚到很多钱。 该软件本身是免费提供的——您可以免费下载并使用它,而无需向 RedHat 支付一分钱。 但人们仍然为此付钱。 为什么? 因为他们提供额外的服务。
“使其更易于访问”意味着使您的正版软件比盗版软件更容易获得。 如果有人访问 Google 寻找您的软件,并且第一个结果是盗版下载网站,他们就会获取盗版副本。 如果第一个结果是您的主页,他们更有可能购买它。 这对于低成本软件尤其重要:盗版软件可能是“免费”的,但通常需要付出更多努力才能获得。 如果这种努力被合法购买的低成本和省力所抵消,那么您就赢得了这场战斗。
The trick is not to try to prevent the piracy (in the long term, this is a losing battle), but to make the legitimate version of your product more accessible and/or more functional than the pirate versions.
"Making it more functional" generally means providing involves additional features or services to registered users, which cannot be replicated for free by the pirates. This may be printed materials (a users manual, a gift voucher, etc), services such as telephone support or help setting the product up, or online extras within the software.
I'll point out that companies such as RedHat are able to make significant amounts of money selling open source software. The software itself is freely available -- you can download it and use it for free without paying RedHat a penny. But people still pay them for it. Why? Because of the extra services they offer.
"Making it more accessible" means making it easier to get your legitimate software than a pirate copy. If someone visits Google looking for your software and the first result is a pirate download site, they'll take the pirate copy. If the first result is your home page, they're more likely to buy it. This is especially important for low-cost software: pirated software may be 'free', but usually it takes more effort to get. If that effort is outweighed by the low cost and lack of effort of simply buying it legitimately, then you've won the battle.
我只见过一次反盗版工作。 Quantel EditBox 系统(视频后处理解决方案),硬件+软件+互联网的反盗版解决方案。 工作站只有在检查银行是否收到月租后才能工作。 如果没有,工作站被锁定。 发生这种情况的有趣的日子......(对我来说有趣的日子,根本没有工作......对于黑客来说没有有趣的一天。)
好吧,PHP 距离硬件解决方案还很远……所以我猜你唯一真正的选择是服务器端,以防止微小的不安全客户端推送内容,正如一些答案中指出的那样。
I saw anti-piracy working once only. Quantel EditBox systems (a post-processing video solution), Hardware+Software+Internet solution against Piracy. Workstation only works after checking if the bank received the monthly rent. If not, workstation was locked. Funny days when this happens... (Funny days for me, no work at all... No funny day for the hacker.)
Well, PHP is far away from hardware solutions... so I guess your only real choice is a server side protected against a tiny unsafe client pushing content, as pointed in some answer yet.
首先要高兴的是你写了一些有用的东西,足以被盗版。 。
这没什么安慰,但请记住,大多数人都是小偷(只要有机会)。
法院
洛塔人说“聘请律师”。
这些人可能从未为律师工作过,也从未经历过案件从开始到结案的整个过程。 另外,他们还假设法律体系是美好的。 如果您身处高度腐败的国家,例如印度或中国,祝您好运。 光是到法庭就需要很长时间。 很难找到一个好的律师。 那里的大多数律师几乎不识字。 我很高兴与六个人打交道。 三个看起来非常好。 另外三人中,其中一人基本上被判犯有贪污罪,另外两人则基本上是低能儿。 所以这是非常非常偶然的。 就像大多数事情一样:如果你想要一个好的律师,那就需要花钱。
如果你在美国,那么财力最雄厚的人可能会获胜——但这既耗时又昂贵,而且你可能(不会)拿回你的钱。
“糟糕的和解胜过良好的诉讼”。 这句格言仍然适用。 除非你有金钱和时间并且愿意失去,否则不要尝试。
防止隐私
如果您的应用程序可以扔到云端,那么就这样做:
应用程序需要面向客户
现在您面临风险。
在这种情况下,如果可能的话,给它们一个可执行文件,即二进制格式。 如果您给他们一个 .net dll,那么即使您对其进行混淆,您仍然会暴露,因为您向他们提供了 IL 代码。
将几个关键功能删除并放在云端(即按照上述步骤操作)。 现在盗版不再那么容易/直接了。 盗版者将不得不复制云功能,这是一个痛苦的过程。 也许向在线数据存储发出发布请求。 剥猫皮的方法有很多种,但原理是一样的:确保有一些源代码隐藏在云端,无法轻易复制。
不要忘记对您的服务收费。 如果它有用,人们就会有动力去付费。
First be happy you have written something useful enough to be pirated. .
This is little consolation, but remember, most human beings are thieves (given the opportunity).
Courts
Lotta guys saying "hire a lawyer".
Those guys prob never worked for a lawyer or seen a case through from inception to closure. Plus they are assuming that the legal system is sweet. If you are in a highly corrupt country, like in India, or China, good luck to you. It will take forever just to get to the court. Very hard to find a good lawyer. Most lawyers there are barely literate. I've had the pleasure of dealing with six. Three seemed very good. Of the other three - one was essentially convicted of embezzlement, and the other two were essentially imbeciles. so it's very, very hit and miss. Like most things: if you want a good lawyer, it will cost you.
If you are in the US then the person with the deepest pockets will likely be victorious - but it is time consuming and expensive, and you may (not) get your money back.
"a bad settlement is better than a good law suit". the adage still holds true. don't even attempt it unless you have money and time you are happy to lose.
Preventing privacy
If your app can be thrown on the cloud, then do so:
Application needs to be client facing
Now you are at risk.
in this case, if possible give them an executable i.e. binary format. If you give them a .net dll, then even if you obfuscate that, you're still exposed because you're giving them IL code.
remove and put a few key functions on the cloud (i.e. follow the above step). Now piracy is not as easy / straight forward. Pirates will have to replicate the cloud functions, which is a pain. Perhaps make post requests to an online data store. many ways you can skin the cat but the principle is the same: make sure that there is some source code hidden in the cloud that cannot be easily replicated.
Don't forget to charge for your services. If it's useful, people will be incentivised to pay for it.
盗版!=版权侵权
有一些已知的途径可以对版权侵权者提起诉讼。
聘请法律团队真的很重要吗?
piracy != copyright infringement
There are known routes to litigate copyright infringers.
Does it really matter enough to hire a legal team?