On our website, I wanted to somehow secure the code where if someone copied the php files and tried to run them on their own server it would alert me. Has anyone ever done this or have any suggestions for what I should do? Here is my thought.... - Edit config to include a php file from a secure location (Example: /home/secured/site_include.php) which only contains a simple array with server ips that are allowed to run the site and then a function that sends the email (Example Below) - Encrypt my config file which is stored in the root directory of website (Example: /home/mywebsite.com/www/config.php) The issue is, someone could just recreate the config file but I DONT want to encrypt all the pages. Is this the best way or can anyone think of another way to do it? site_include.php $approvedIPs = array(); array_push($approvedIPs, '192.168.0.1'); array_push($approvedIPs, '72.72.72.72'); checkServer($_SERVER['12.12.12.12'], $approvedIPs); function checkServer($serverIP, $approvedIPs) { if (!in_array($serverIP, $approvedIPs)) { // SEND ALERT $message = "Software Breach running on Server IP:" . $serverIP; // Send mail('my@email.com', 'Software Breach', $message); } } PHP:
Here is a updated code I wrote that appears to work (not encrypted) but wondering the best way, basically I will then give the developers access to the www directory but not the root directory. This does send two emails, but then it would at least check if they removed the include. Thoughts? config.php (stored in /home/domain.com/www/softwareBreach.php) ------------------------------------------------------------------- $boolSoftwareBreach = true; try { include '/home/domain.com/softwareBreach.php'; } catch (Exception $e) { $boolSoftwareBreach = true; } if ($boolSoftwareBreach) { // SEND ALERT $message = "Software Breach running on Server IP:" . $serverIP; $message .= "\r\n\r\n"; ob_start(); print "\$_SERVER information dump\n\n"; print_r($_SERVER); print "\n--------------------------\n\n"; print "\$_REQUEST information dump\n\n"; print_r($_REQUEST); print "\n--------------------------\n\n"; $message .= ob_get_contents(); ob_end_clean(); // Send mail('my@email.com', 'Software Breach', $message); } PHP: softwareBreach.php (stored in /home/domain.com/softwareBreach.php) ------------------------------------------------------------------- $softwareBreachApprovedIPs = array(); array_push($softwareBreachApprovedIPs, '12.12.12.12'); $boolSoftwareBreach = checkSoftwareBreach($_SERVER['SERVER_ADDR'], $softwareBreachApprovedIPs); function checkSoftwareBreach($serverIP, $approvedIPs) { if (!in_array($serverIP, $approvedIPs)) { // SEND ALERT $message = "Software Breach running on Server IP:" . $serverIP; $message .= "\r\n\r\n"; ob_start(); print "\$_SERVER information dump\n\n"; print_r($_SERVER); print "\n--------------------------\n\n"; print "\$_REQUEST information dump\n\n"; print_r($_REQUEST); print "\n--------------------------\n\n"; $message .= ob_get_contents(); ob_end_clean(); // Send mail('my@email.com', 'Software Breach', $message); return true; } else { return false; } } PHP:
Hi there, i don't understand which type of php encryption you want to use to encrypt config.php that someone can't decrypt it? As i know, Zend and ioncube can be decrypted easily now. :-?