vbulletin "call home" function in adminfunctions.php

I think it's a good thing, but it would have been better to announce things like this...

Yes, and announcing this will certainly have MORE effect against piracy than hiding it only and will not offend users and their privacy...

By announcing it, the warez kiddies would just remove it from the scripts entirely...I don't see how it would have more of an effect.

I am glad to see that there is something being done by jelsoft to try to stop the piracy. I am a valid license holder and was approached by someone claiming to be a valid holder as well that thought I was not. They wanted to trade vb2 for another piece of sw that I run (I also own that license). I had to say NO at least 6 times. I even had to sign off ICQ for them to leave me alone. Piracy is no different than shoplifting. It is stealing and companies need to implement security the only way they can which is in the software. COnsider it their undercover rent-a-cop. Jelsoft, in no way, has offended me.

I think the best way (I know...hind sight it 20/20) would have been for Jelsoft to incorporate 2, 3 or 10 of these call home gifs throughout the script and inform the members that "an anti piracy" measure had been implemented in the code starting with version X. We didn't have to know exactly where it was and when curious hack makers ran into the code, they'd go "ahhhh" and move on and either remove it or whatever....

Well yes I do like to complain.
No I'm not a license holder - but I have got two of my clients to purchase it, and I also have a Vbulletin license holder on my dedicated server. So I do therefore care what is in the code.

If people in the past have needed a php/mysql board I have recomended it.

Why is it brainless ? because its so easy to spot. A simple scan through that file would alert anone straight away.

It's not my job to do your php coding - you can do some pretty obfuscated php coding, which will frustrate most people and stop piracy. You can put some security protection in when they download it, creating parts of the scripts specifically for that domain.

I think it has damaged Jelsofts reputation maybe not so much as I first thought, but I will bet a lot of people find it slightly unethical.

But they haven't - the code has given Jelsoft a list of a large amount of pirate copies and their URLs. If the measure hadn't been succesful then I would agree with you but it was succesful.
Didn't you say earlier in the thread that Jelsoft don't have the right to know where it is installed? How could they make a copy specifically for your domain if that is the case?
Anyway, it isn't possible because the code could be changed just like a few people will/have removed this anti piracy measure.

Knowing where it's installed and knowing what the domain is are two different things.

It's quite simple to generate some code to make the script domain specific and even notify Jelsoft if it's a pirate copy without calling back to jelsoft through a link, or delete the whole script, theres a whole lot of stuff you could do.

I caught myself out once by making a shopping cart domain specific and using it somewhere else, client wondered why it didn't work.
I stupidly took it out and the client didn't pay up for extra copies he used.

Your method is no more effective than the current one because either way, the pirate could just remove the code from the PHP files.

About the location of your board, if you don't want Jelsoft to know then that's tough! It is a requirement of the license agreement for you to reveal the location of the board (full URL, not domain). That is not something anyone can argue over.

Im not talking about 1 line of php code, Im talking about obfuscating some code throughout lots of files, making it so that to take the code out that its no 5 second job.

I don't think putting piracy protection in is wrong, I just think it could have been done in more polite way.

I'll sign of this thread and let it die.

Originally posted by 4php
Alrightly, so you want us to make a more complicated solution? If we did that, then you might not know whats in the code, but you said you care to know exactly what its doing.
If its not, then its also not your job to tell us to use other ways to stop piracy while not telling us how.

Yes, obfuscated code is possible, but its not the wise choice. Coders like a challenge, obfuscation provides that challenge -- and any obfuscated code sticks out like a sore thumb. Sure, we could've obfuscated the code, but all that would have done is:
1) convinced you even more that we're trying to hide something
2) create a desire for more people to want to remove it
3) give people a sense of accomplishement after they decrypted it, therefore feeling justified in telling the world of their l33t hacking skills
Always a possiblity, but what if a forums with a ton of hacks changes their domain? Or more likely, what about the many sites which are accessible via a number of alias domains.
How would they be notified? Email? Its the same deal, email or http, Jelsoft will still have to be contacted
Yes, that'd be great. Then if someone runs a test server, their production board is whiped. Hoorah!
So obfuscation and piracy checking with automatic board deletion is polite? Get real...the image callback is about the most harmless way to check.

Unfortunatly this thread ruins the point of having it installed. a shame.

The simplest solution i think is not to have the image in admin but to have it in index.php. Why? because then if jelsoft suspects the board is suspect they just view the source and see if the image is fill is there with the license number. It would be impossible (yes!) to get away with pirating.

I have a question ! I have a copy of my board on my local server for testing and translating. Is this illegal ?

It seems a very good solution!

Olly

While I sympathize with the VBulletin team, I certainly do not condone these sort of tracking bugs in software of any kind.

Over the past few years, countless numbers of software companies have been caught spying on customers, some relatively innocently and others blatantly invading the privacy of law abiding software owners.

Once you cross the fuzzy line between "license verification" and what many consider undue surveillance, you've become what I'm sure most of you would consider evil if applied to your own life or situation.

As individuals, we are all accountable for our actions, but what if those you were accountable for had you under 24 hour watch? An IRS agent outside your house, your boss standing outside your office 8 hours a day, a location monitor that your wife/husband requires that you wear at all times? (Don’t bother *****ing about the loose analogies, they are just that, loose but I think they make my point.)

I'm certainly not for software piracy and I think the developers deserve to get paid for their product, but I also think that we, as paying customers deserve enough respect not to be spied on, logged, and put under surveillance like common criminals.

Do a google search on "privacy" and other such things in regards to software and you'll find that the majority of legitimate customers do not approve of these sorts of tactics and you'll also find that there are a number of movements (both grassroots and legislative) to put a stop to such activities if consumer privacy laws do not already address such actions.

Me personally ... I will openly tell you that I will circumvent this surveillance mechanism, not because I'm running an illegal forum (reg number and info avail upon request), but because I whole heartedly oppose the tactics in which these anti-piracy controls have been implemented and resent the profiling in which I am being subject to. (i.e. warez pups steal our forum so let’s spy on everyone because they fit the profile as someone who uses a computer and runs a website in some way.)