I'm creating this thread/tutorial because I believe such knowledge is vital and important for every developer, in order to protect their rights, code, and sales. This tutorial will be split into many parts where I explain how you can have an extra layer of protection when it comes to your plugin getting leaked/mirrored/re-distributed by a 3rd party.
How do I protect myself against leaking & slow down the leaking process?
First, you have to understand that leaking and taking down leaks is a perpetual loop, you can't permanently stop someone from leaking your resources but you can take a few easy steps to make it hard, detectable and sometimes not worth the time of the leaker. There are many ways to do this which do not require much effort, such as, DMCA takedown requests, obfuscation, licensing systems and more.
A. What are "DMCA Takedown Requests"?
When content is removed from a website at the request of the owner of the content or the owner of the copyright of the content. It is a well established, accepted, internet standard followed by website owners and internet service providers. Any owner of the content has the right to process a takedown notice against a website owner and/or an Online Service Provider (e.g. ISP, hosting company, etc.) if the content owner's property is found online without their permission.
Simply said, you send a form to the website (or host which the website is on), requesting a DMCA takedown. You do this via e-mail and most of the time the e-mail you contact is in such form "[email protected]". Most of the time you can find those e-mails and more information regarding the host's policies at the bottom of the website, branded as "Copyright" or "DMCA", etc. Keep in mind that by filing a DMCA complaint you take full responsibility for the outcome/consequences, if you are unsure about what you are doing you should get legal advice first.
Here's a DMCA takedown request template (Make sure to edit it to your needs):
A1. What if my resource is not hosted on an external host, but on the leak website itself?
You can find information about any website by using simple tools that can be found on the internet. Some of those include https://who.is/ , https://hostingchecker.com.
Keep in mind that DMCA complaints are only viable within the US, meaning that hosts which are outside of the US do not have to comply with your DMCA complaint. About that, there's not much you can do except take further steps to add more protection layers to your resource.
B. What is obfuscation?
Obfuscation is the practice of making something difficult to understand. Programming code is often obfuscated to protect intellectual property and prevent an attacker from reverse engineering a proprietary software program. Obfuscation will not necessarily 100% protect you against leaks.
Simply said, obfuscators can make your plugins really hard to read/understand, impossible to read/understand and even crash decompilers (software used to view source code).
There are many publicly available tools that can obfuscate plugins and make them hard to understand/reverse engineer for leakers. Obfuscation is easy to do and pretty much just adds an extra wall of "wasting other people's (leakers) time and will to leak your resource". Some of the most popular choices when it comes to plugin obfuscation are ProGuard, Allatori, Klassmaster, ClassGuard and many more. Obfuscation combined with licensing systems, anti-piracy placeholders will most of the time make cracking/leaking your plugin not worth it. Some obfuscators are free to use, others are paid. Keep in mind that most of them support student licenses, so if you're a student don't forget that you can gain access to such tools for free.
Here are a few tutorials regarding obfuscators:
Generally summing up, as mentioned above -- leaking resources and taking them down is an infinite loop. Some decide to accept it and others decide to do something about it, and, the good thing is that it's not hard at all to take a few precautions to protect your work.
Addressing the drama in this thread: There have been disagreements with me and Ghast/some other users in the past and you may come across toxic content in the replies, please ignore it as many months have passed since then and there's no need to pour gas in the fire.
How do I protect myself against leaking & slow down the leaking process?
First, you have to understand that leaking and taking down leaks is a perpetual loop, you can't permanently stop someone from leaking your resources but you can take a few easy steps to make it hard, detectable and sometimes not worth the time of the leaker. There are many ways to do this which do not require much effort, such as, DMCA takedown requests, obfuscation, licensing systems and more.
A. What are "DMCA Takedown Requests"?
When content is removed from a website at the request of the owner of the content or the owner of the copyright of the content. It is a well established, accepted, internet standard followed by website owners and internet service providers. Any owner of the content has the right to process a takedown notice against a website owner and/or an Online Service Provider (e.g. ISP, hosting company, etc.) if the content owner's property is found online without their permission.
Simply said, you send a form to the website (or host which the website is on), requesting a DMCA takedown. You do this via e-mail and most of the time the e-mail you contact is in such form "[email protected]". Most of the time you can find those e-mails and more information regarding the host's policies at the bottom of the website, branded as "Copyright" or "DMCA", etc. Keep in mind that by filing a DMCA complaint you take full responsibility for the outcome/consequences, if you are unsure about what you are doing you should get legal advice first.
Here's a DMCA takedown request template (Make sure to edit it to your needs):
Greetings,
My name is [YOUR NAME] and I am the developer/owner of "[YOUR RESOURCE]", which is a paid plugin (software) for a video game called Minecraft. My file ([YOUR RESOURCE]) was uploaded to your servers without my permission and is infringing on at least one copyright owned by me.
You can find the main page of "[YOUR RESOURCE]" here: [ORIGINAL LINK TO THE RESOURCE]
The unauthorized and infringing copy can be found at:
[THE LINK WHERE THE LEAKED FILE IS HOSTED]
This letter is an official notification under Section 512(c) of the Digital Millennium Copyright Act (”DMCA”), and I seek the removal of the aforementioned infringing material from your servers. I request that you immediately notify the infringer of this notice and inform them of their duty to remove the infringing material immediately and notify them to cease any further posting of infringing material to your server in the future.
Please also be advised that law requires you, as a service provider, to remove or disable access to the infringing materials upon receiving this notice. Under US law, a service provider, such as yourself, enjoys immunity from a copyright lawsuit provided that you act with deliberate speed to investigate and rectify ongoing copyright infringement. If service providers do not investigate and remove or disable the infringing material this immunity is lost. Therefore, in order for you to remain immune from a copyright infringement action, you will need to investigate and ultimately remove or otherwise disable the infringing material from your servers with all due speed should the direct infringer, your client, not comply immediately.
I am providing this notice in good faith and with the reasonable belief that the rights I own are being infringed. Under penalty of perjury, I certify that the information contained in the notification is both true and accurate, and I have the authority to act on the copyright(s) involved.
Should you wish to discuss this with me please contact me directly.
Thank you.
[YOUR NAME],
[YOUR EMAIL]
My name is [YOUR NAME] and I am the developer/owner of "[YOUR RESOURCE]", which is a paid plugin (software) for a video game called Minecraft. My file ([YOUR RESOURCE]) was uploaded to your servers without my permission and is infringing on at least one copyright owned by me.
You can find the main page of "[YOUR RESOURCE]" here: [ORIGINAL LINK TO THE RESOURCE]
The unauthorized and infringing copy can be found at:
[THE LINK WHERE THE LEAKED FILE IS HOSTED]
This letter is an official notification under Section 512(c) of the Digital Millennium Copyright Act (”DMCA”), and I seek the removal of the aforementioned infringing material from your servers. I request that you immediately notify the infringer of this notice and inform them of their duty to remove the infringing material immediately and notify them to cease any further posting of infringing material to your server in the future.
Please also be advised that law requires you, as a service provider, to remove or disable access to the infringing materials upon receiving this notice. Under US law, a service provider, such as yourself, enjoys immunity from a copyright lawsuit provided that you act with deliberate speed to investigate and rectify ongoing copyright infringement. If service providers do not investigate and remove or disable the infringing material this immunity is lost. Therefore, in order for you to remain immune from a copyright infringement action, you will need to investigate and ultimately remove or otherwise disable the infringing material from your servers with all due speed should the direct infringer, your client, not comply immediately.
I am providing this notice in good faith and with the reasonable belief that the rights I own are being infringed. Under penalty of perjury, I certify that the information contained in the notification is both true and accurate, and I have the authority to act on the copyright(s) involved.
Should you wish to discuss this with me please contact me directly.
Thank you.
[YOUR NAME],
[YOUR EMAIL]
A1. What if my resource is not hosted on an external host, but on the leak website itself?
You can find information about any website by using simple tools that can be found on the internet. Some of those include https://who.is/ , https://hostingchecker.com.
Keep in mind that DMCA complaints are only viable within the US, meaning that hosts which are outside of the US do not have to comply with your DMCA complaint. About that, there's not much you can do except take further steps to add more protection layers to your resource.
B. What is obfuscation?
Obfuscation is the practice of making something difficult to understand. Programming code is often obfuscated to protect intellectual property and prevent an attacker from reverse engineering a proprietary software program. Obfuscation will not necessarily 100% protect you against leaks.
Simply said, obfuscators can make your plugins really hard to read/understand, impossible to read/understand and even crash decompilers (software used to view source code).
There are many publicly available tools that can obfuscate plugins and make them hard to understand/reverse engineer for leakers. Obfuscation is easy to do and pretty much just adds an extra wall of "wasting other people's (leakers) time and will to leak your resource". Some of the most popular choices when it comes to plugin obfuscation are ProGuard, Allatori, Klassmaster, ClassGuard and many more. Obfuscation combined with licensing systems, anti-piracy placeholders will most of the time make cracking/leaking your plugin not worth it. Some obfuscators are free to use, others are paid. Keep in mind that most of them support student licenses, so if you're a student don't forget that you can gain access to such tools for free.
Here are a few tutorials regarding obfuscators:
Generally summing up, as mentioned above -- leaking resources and taking them down is an infinite loop. Some decide to accept it and others decide to do something about it, and, the good thing is that it's not hard at all to take a few precautions to protect your work.
Addressing the drama in this thread: There have been disagreements with me and Ghast/some other users in the past and you may come across toxic content in the replies, please ignore it as many months have passed since then and there's no need to pour gas in the fire.
- Make sure to update your plugin often, every update is a new chance to further protect your resource and slow down leakers.
Some interesting threads:
"Tips on privacy 'n shit" by Hymfu https://www.spigotmc.org/threads/331152/
"Get Spigot Name and ID from Downloader (Anti-Piracy)" by DevCubeHD https://www.spigotmc.org/threads/172052/
Some interesting threads:
"Tips on privacy 'n shit" by Hymfu https://www.spigotmc.org/threads/331152/
"Get Spigot Name and ID from Downloader (Anti-Piracy)" by DevCubeHD https://www.spigotmc.org/threads/172052/
Attachments
Last edited:
