Ban a server from Using your plugin

Discussion in 'Spigot Plugin Development' started by michiel, Sep 26, 2017.

  1. Make it a bit harder to find their IP in the list by using either longip version of their ipv4 or perhaps convert it yourself with a unique salt, being their download name? (so if they filter it, and it dosen't match, then add the current ip as an ip so it's auto blocked).
     
    • Informative Informative x 1
  2. FrostedSnowman

    Resource Staff

    just a waste of time, lol.
     
  3. TeamBergerhealer

    Supporter

    Introduce small little bugs and glitches in your plugin when you detect it's run 'illegally'. This serves many purposes:
    • You find out who is doing it, because you know why it is caused
    • When they report the bug, just ask for proof of ownership. They can't provide it, so no tech support.
    • They think its a bug so they won't try to actually disassemble the plugin right-away. When you say NO YOU CANT RUN IT, they go right into the code to disable it.
    • You can be very creative with the bugs, make some people laugh :)
    But really, you cannot stop people from using your plugins illegally. You will just join the war against pirates that the videogame industry is waging, and failing. No matter how much encryption, detection, checks, and smug warnings you introduce. You will eventually run into a foe much more skilled than you who will circumvent the whole thing. There is always a way, because if you can execute the code, you can get the code. You can't stop a computer from understanding the code it is executing. It makes no sense.
     
    • Like Like x 1
  4. Funny. For sure it is possible.

    Simply create somewhere a list with an identifier of the server you want to ban and query this list in your plugin (e.g. on startup or with a scheduler). If the server is in the list. disable/remove the plugin.
     
  5. TeamBergerhealer

    Supporter

    its impossible because anyone can open up your plugin .jar in a Java bytecode editor and nullify your check. Edit your list. Or anything else. Any extra protections you add can be removed with sufficient effort. Running a modified VM allows you to essentially see the code that is running regardless of how you obfuscate it.

    That is why it's impossible. Worse, you will probably end up hurting legitimate users.
     
  6. So it's possible, but you might be able to remove/disable this check. Not everybody is able to remove this check. It's nothing you can have trust in, but it's possible.
     
    • Optimistic Optimistic x 1
  7. TeamBergerhealer

    Supporter

    But those that can will make the cracked version publicly available. Possible it is, useful it is not.
     
  8. Thank you for this useful (ans not already known) information. You really fill this thread with useful content.
     
    • Funny Funny x 1
  9. I had the same problem when i first posted my skywars plugin on spigot, i wanted to do something like this so i could prevent people from actually giving away the plugin for free. The problem is, spigot doesn't give a single fuck, they will still own your Resource even if you know who is clearly giving away your plugin, yeah you could block the servers they use it on but at the end it's just a pain in the ass, you could maybe add the protection and obfuscate the code and that would stop most people but there will be someone out there that will be able to remove the security anyways. At the end i simply didn't care anymore, i keep updating the plugin and people keep buying it, if there is someone giving it for free it don't really care at all.
     
  10. TeamBergerhealer

    Supporter

    Hey, sorry that 'no' isnt useful content to you. There are also problems associated with checking whether it is the server. You will hurt legitimate users because not all servers have a static IP address. You cannot rely on that, because people do shared hosting or use a third party for the hosting. Their hardware may change, they may shift machines entirely, sometimes out of their control. Every problem that exists for license keys or hardware fingerprinting applies. All that to stop a bunch of malicious users from cracking your plugin on day 0, to instead do it on day 7.

    Don't hurt legitimate users for the actions of a few. DRM can cause serious hindrance to your paid users, and only to your paid users, to the point people prefer the cracked version over your paid version. I strongly discourage even trying.

    Legal action is about all you have
     
  11. Your solution is already exist in spigot, use AdvanceLicense (thanks to @Leoko)
    However it's really easy crack a jar file , you can use something like ProGuard or Zelix KlassMaster to make it harder

    Another solution:
    Let's say you don't want that a server with this public IP address 85.85.85.85 use your plugin so you can save hashed IP address somewhere in your plugin and check if the server hashed IP address equals with that if so you can disable your plugin.

    However both solutions are easy to bypass :D so don't really waste your time for that
     
    • Like Like x 1
  12. It all comes down to 1 point: No you cannot stop piracy, as soon as the plugin becomes public anyone that has a jdgui can break it open check the code, loadup whats there alter whatever check you added remove that and still have the plugin work.

    Idk why this keeps going X)
     
    • Agree Agree x 3
  13. The only real way of stopping piracy is to not give the end user the full application, for example running it in a cloud such as Office 365. Of course, with Minecraft you can pretty much forget this, especially with premium resources that you want to sell here because it's against the guidelines. For a freelance job, you could create something like it, though I wouldn't really know what functionalities can be cloud sided in a Minecraft plugin...

    As for the question: Can you ban a server from using your plugin? Yes and no. Surely you can code it of course you'd be able to do a simple check to see whether the server is allowed to use your plugin or not, but people will be able to decompile the plugin, remove the check and simply use your plugin again. So, it is pretty pointless and a waste of time.
     
  14. TeamBergerhealer

    Supporter

    One plugin I've seen displayed posable player models on map displays. They did the rendering of these player models on the server, using an API key. There are functionalities, but not many.
     
    • Informative Informative x 1


  15. Hey, this license thing was where if was looking for, exact what I want to do.
    And yes I know it's not hard to crack but, still it's better than nothing, and there will be for sure people going to send plugins to there friends and can't do that since it's with a license. Thank you very much!

    Thanks
     
    • Like Like x 1