[FREE] [Tutorial] Learn how to protect your plugins against leaking.

Ghast · Jan 16, 2019

Blacklistings said:
Ghast, going to be honest, there was no need for you to interfere here. Norksa is just trying to do a PSA and your trying to push your overpriced plugin leak protection service by scaring people into thinking it won't work or they can be harassed. You are acting like this is suing someone. It's not, and this is commonly used on the internet. There is no way you can get in trouble unless the thing you are trying to take down isn't mostly yours. You don't have to point out anything bad, he is doing this for free and to help people, not earn money. Appreciate what he is doing.

Also, stop attack Norska as a person when you came here to argue his post; completely irrelevant and unprofessional.

Also, I'm sure taggind me with funny and me calls you out is "Holding your self to the highest standards of professionalism". Yeah right

With all due respect, you have a totally biased opinion. When Norska says something, you have to follow it. That kind of attitude will do no impact on anyone.
Best regards,
Ghast[DOUBLEPOST=1547674782][/DOUBLEPOST]

Norska said:
Congratulations, trying yet again to find something to hide behind of. I could describe your RIP-OFF service with a hundred more words but it's really not worth the effort. Anyway, do what you want, I honestly don't care. It's obvious at this point that you're trying too hard, and it's also obvious that you're failing at it.

So why did you make this thread? Should I remind you it was following how salty you got when I kicked you out of my post?

Kavish · Jan 16, 2019

Ghast said:
With all due respect, you have a totally biased opinion. When Norska says something, you have to follow it. That kind of attitude will do no impact on anyone.
Best regards,
Ghast

What do you mean? I don't know him at all and only ever talked to him about claiming a VC for his plugin. I'm siding with him because he is right, not because of bias. I really hope this isn't how you treat people at Nintendo, is it?

Btw: This is FREE. He isn't earning money in any way. Just stop.

Norska · Jan 16, 2019

Let's just stop, this is getting bumped without reason at this point. You do you Ghast, and I'll do me.

Ghast · Jan 16, 2019

Norska said:
Let's just stop, this is getting bumped without reason at this point. You do you Ghast, and I'll do me.

That doesn’t work out when you falsely place a reputation on my profile, does it?[DOUBLEPOST=1547674944][/DOUBLEPOST]

Blacklistings said:
What do you mean? I don't know him at all and only ever talked to him about claiming a VC for his plugin. I'm siding with him because he is right, not because of bias. I really hope this isn't how you treat people at Nintendo, is it?

Don’t bring Nintendo into this. Have you ever read philosophical books on bias? Honestly I recommend it. Passionate subject.

Norska · Jan 16, 2019

Ghast said:
That doesn’t work out when you falsely place a reputation on my profile, does it?

Let's not forget that when you first left a reputation on my profile it was neutral and once this thread was up it magically turned into a negative one, which honestly says a lot about the "good" you want to offer to the community. I wouldn't even bother adding reputation to your account but you were asking for it, you can't really expect me to just stand still and do nothing.

Anyway, as much as this thread was spammed, it is definitely not to the place to get our reputations resolved.

You also should consider stopping bragging about your internships, achievements, and books you've read, it's just a forum and you're just a user like me, no one cares.

Norska · Jan 16, 2019

Thanks for your reply Taleeko, but, I honestly believe it's not worth it to continue this. In the end, it's just a forum and I just don't care enough to continue arguing. My opinion still remains the same about Ghast and I believe his opinion about me still remains the same as well, can't really do anything about it and that's fine by me. Using his paid service or using my free advice, in the end, achieves the same thing, it's up to the individual to decide what they want to do.

Ghast · Jan 16, 2019

Taleeko said:
Norska is obviously trying to do something good and useful for this community. Ghast, Just because you decided to charge people to do the same thing he has put here and play the good guy act, doesn't mean come here and trash on him. Norska obviously wants to help the developers such as me with protecting their software as it should be. But people like you will find anyway to make a dime off the littlest things. Have a nice day and leave his thread alone man.

I doubt you really know the back story to the creation of this thread. It has not been created to "help the community", it was only to sastify Norska’s hatred and salt towards me. No more, no less.

Norska · Jan 16, 2019

Ghast said:
I doubt you really know the back story to the creation of this thread. It has not been created to "help the community", it was only to sastify Norska’s hatred and salt towards me. No more, no less.

Not necessarily, I've known developers that were struggling with such issues, your ridiculous pricing was just the thing that pushed me over the edge. I would create something like this sooner or later but yet again, you try to blame it all on me and make me look like the bad guy. You have to make everything about yourself, it's actually really sad.

Ghast · Jan 16, 2019

Norska said:
Not necessarily, I've known developers that were struggling with such issues, your ridiculous pricing was just the thing that pushed me over the edge. I would create something like this sooner or later but yet again, you try to blame it all on me and make me look like the bad guy.

Do I have to re-upload this screenshot?

You think that I am making you look like the "bad guy", but you acted not as an adult but as a salty kid. You should accept the consequences of your actions. Yet that wasn’t enough for you! So you went ahead and made a post in hope to rival my service. You keep slandering it and calling it overpriced. From what I see on your plugins, you charge 7$ for a plugin that has a lot of free alternatives. Do you want to talk about mature? You seek attention and use my argument to promote this thread.

You complain on the fact I rated this thread funny? How hypocritical!

This goes the same for nearly every single post in my service thread.

Now you dare tell me I am the bad guy? If I am you aren’t worth any better than I am. Maybe replying to this thread was the brightest of all ideas, but now I have a clear idea of what kind of person you are. I’ll let the community be the judge of that.
I will not reply anymore,
Ghast.

Norska · Jan 16, 2019

Ghast said:
Do I have to re-upload this screenshot?
View attachment 182612
You think that I am making you look like the "bad guy", but you acted not as an adult but as a salty kid. You should accept the consequences of your actions. Yet that wasn’t enough for you! So you went ahead and made a post in hope to rival my service. You keep slandering it and calling it overpriced. From what I see on your plugins, you charge 7$ for a plugin that has a lot of free alternatives. Do you want to talk about mature? You seek attention and use my argument to promote this thread.
View attachment 182613
You complain on the fact I rated this thread funny? How hypocritical!
View attachment 182614
This goes the same for nearly every single post in my service thread.

Now you dare tell me I am the bad guy? If I am you aren’t worth any better than I am. Maybe replying to this thread was the brightest of all ideas, but now I have a clear idea of what kind of person you are. I’ll let the community be the judge of that.
I will not reply anymore,
Ghast.

:tup:

As I said above, I simply don't care enough to keep proving you wrong. Believe what you want to believe.

EDIT (16.01.2019):
Actually, I will because I'm bored.

Once again using a specific screenshot of me saying something, while you're not including the whole chat, which automatically makes your overused screenshot sad at this point.

My "actions", you're talking about me saying that your service is a rip-off, which is my opinion. The thread was posted because I genuinely believe that such information should be available to the public.

My plugin's prices are justified, as for the free alternatives -- there are many that have blatantly copied original features from my plugins and decided to release them as a free resource, I have also proof of that. Either way, I don't think how a plugin and information are the same things, especially when they're priced or not.

About me promoting this thread, yet again you're making it about yourself.

My ratings were posted after you left yours, but of course, I'm always the culprit.

I don't care what you think of me.

EDIT (17.01.2019):
To further support my claims to prove what kind of a scumbag Ghast truly is, despite suggesting several times that this is not worth it and that it should be left behind -- Ghast immediately started mocking me and other users that support me in the shoutbox. Ghast just wants attention and other people interacting with him, that's how sad he is. Despite the "civil" arguments made in the thread, he continued harassing users in the shoutbox (of course in the shoutbox, because messages there get pushed away after a while).

Other than calling out me and other user's use of the English language, he also enjoys calling people "broke" and "12 year olds" just because they don't feel like his service which rips people off, is worth purchasing. Ghast thinks so much of himself that he simply can't understand that his service is literally worth 0$.

Furthermore, after I decided to ignore him because he's honestly just an attention whore, I was told by another member over on Discord that he continued harassing me and other users and also lying and claiming things he's never really done. Such as me and other users getting salty about him, which this image is enough to prove that he started arguing (again) and him being salty,

For someone like Ghast, he might even believe that calling someone "broke" and "12 year old" is considered "roasting the fuck out of them" as he claimed in the shoutbox after me and other users ignoring him.

Summing up, Ghast always looks for attention on an online forum because he has nothing better to do with his life, he won't stop at lies and blatantly obvious fake claims. I wouldn't suggest interacting with this user as going against his believes triggers him and he'd literally claim anything and even forge screenshots to make you look like the bad guy in any situation.

Norska · Jan 17, 2019

TheGrandDiamond said:
Nice information! How to use ProGuard?

The videos I have attached to the main thread are tutorials regarding ProGuard.

PepegaGamer · Jan 25, 2019

Disabling plugins due to an internet connection failure is not allowed by Spigot's rules.

Norska · Jan 25, 2019

ItzSomebody said:
Disabling plugins due to an internet connection failure is not allowed by Spigot's rules.

It's just an example, if you want to use that system on spigot you could simply remove that part of the code.

Dozlin · Apr 6, 2019

Thanks. Very helpful information!

Terminator · Apr 6, 2019

Norska said:
I'm creating this thread/tutorial because I believe such knowledge is vital and important for every developer, in order to protect their rights, code, and sales. This tutorial will be split into many parts where I explain in detail every step you need take (few optionals) in order to have an extra layer of protection when it comes to your plugin getting leaked/mirrored/re-distributed by a 3rd party.

How do I protect myself against leaking & slow down the leaking process?
First, you have to understand that leaking and taking down leaks is a perpetual loop, you can't permanently stop someone from leaking your resources but you can take a few easy steps to make it hard, detectable and sometimes not worth the time of the leaker. There are many ways to do this which do not require much effort, such as, DMCA takedown requests, obfuscation, licensing systems and more.

A. What are "DMCA Takedown Requests"?
When content is removed from a website at the request of the owner of the content or the owner of the copyright of the content. It is a well established, accepted, internet standard followed by website owners and internet service providers. Any owner of content has the right to process a takedown notice against a website owner and/or an Online Service Provider (e.g. ISP, hosting company etc.) if the content owner's property is found online without their permission.

Simply said, you send a form to the website (or host which the website is on), requesting a DMCA takedown. You do this via e-mail and most of the times the e-mail you contact is in such form "[email protected]". Most of the time you can find those e-mails and more information regarding the host's policies at the bottom of the website, branded as "Copyright" or "DMCA" etc. Keep in mind that by filing a DMCA complaint you take full responsbility over the outcome/consequences.

An example, MediaFire:

View attachment 180526 View attachment 180527

Here's a DMCA takedown request template (Make sure to edit it to your needs):

Greetings,

My name is [YOUR NAME] and I am the developer/owner of "[YOUR RESOURCE]", which is a paid plugin (software) for a video game called Minecraft. My file ([YOUR RESOURCE]) was uploaded to your servers without my permission and is infringing on at least one copyright owned by me.

You can find the main page of "[YOUR RESOURCE]" here: [ORIGINAL LINK TO THE RESOURCE]

The unauthorized and infringing copy can be found at:
[THE LINK WHERE THE LEAKED FILE IS HOSTED]

This letter is an official notification under Section 512(c) of the Digital Millennium Copyright Act (”DMCA”), and I seek the removal of the aforementioned infringing material from your servers. I request that you immediately notify the infringer of this notice and inform them of their duty to remove the infringing material immediately and notify them to cease any further posting of infringing material to your server in the future.

Please also be advised that law requires you, as a service provider, to remove or disable access to the infringing materials upon receiving this notice. Under US law, a service provider, such as yourself, enjoys immunity from a copyright lawsuit provided that you act with deliberate speed to investigate and rectify ongoing copyright infringement. If service providers do not investigate and remove or disable the infringing material this immunity is lost. Therefore, in order for you to remain immune from a copyright infringement action, you will need to investigate and ultimately remove or otherwise disable the infringing material from your servers with all due speed should the direct infringer, your client, not comply immediately.
I am providing this notice in good faith and with the reasonable belief that the rights I own are being infringed. Under penalty of perjury, I certify that the information contained in the notification is both true and accurate, and I have the authority to act on the copyright(s) involved.

Should you wish to discuss this with me please contact me directly.

Thank you.
[YOUR NAME],
[YOUR EMAIL]

DMCA Takedown Requests usually take 3-7 days to process.

A1. What if my resource is not hosted on any external host, but on the leak website itself?
You can find information about any website by using simple tools which can be found on the internet. Some of those include https://who.is/ , https://hostingchecker.com.

Keep in mind that DMCA complaints are only viable within the US, meaning that hosts which are outside of the US do not have to comply with your DMCA complaint. About that, there's not much you can do except take further steps to add more protection layers to your resource.

B. What is obfuscation?
Obfuscation is the practice of making something difficult to understand. Programming code is often obfuscated to protect intellectual property and prevent an attacker from reverse engineering a proprietary software program. Obfuscation will not necessarily 100% protect you against leaks.

Simply said, obfuscators can make your plugins really hard to read/understand, impossible to read/understand and even crash decompilers (software used to view source code).

There are many publicly available tools that can obfuscate plugins and make them hard to understand/reverse engineer for leakers. Obfuscation is easy to do and pretty much just adds an extra wall of "wasting other people's (leakers) time and will to leak your resource". Some of the most popular choices when it comes to plugin obfuscation is ProGuard, Allatori, Klassmaster, ClassGuard, and, my personal choice -- Obzcure. Obfuscation combined with licensing systems, Spigot's nonce tricks and more will most of the time make cracking/leaking your plugin not worth it. Some obfuscators are free to use, others are paid. Keep in mind that most of them support student licenses, so if you're a student don't forget that you can gain access to such tools for free.

Here are a few tutorials regarding obfuscators:

B1. What is "Spigot's nonce tricks"?
Keep in mind that MCM currently does not inject any additional code to resources (plugins) which makes this trick unusable for plugins published on MCM. Though, if you have resources on SpigotMC you can take advantage of special placeholders, branded as "anti-piracy variables" by SpigotMC, in order to further shield your plugins.

Long story short, you hide such variables in your code (which you later obfuscate) and read a file from your (or a hosted) web server, if the file contains the nonce (meaning someone is trying to use your plugin unauthorized), you can take full control over it, such as shutting it down, break functionality and more.

Here's a basic code overview (Credits go to Aderm from SpigotMC):

Code:

public static String uid = "%%__USER__%%"; public boolean sts = true; public void auth() { try { URLConnection localURLConnection = new URL("Your website link").openConnection(); localURLConnection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11"); localURLConnection.connect(); BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(localURLConnection.getInputStream(), Charset.forName("UTF-8"))); StringBuilder localStringBuilder = new StringBuilder(); String str1; while ((str1 = localBufferedReader.readLine()) != null) { localStringBuilder.append(str1); } String str2 = localStringBuilder.toString(); if (str2.contains(String.valueOf(uid))) { disableLeak(); return; } this.sts = true; } catch (IOException localIOException) { localIOException.printStackTrace(); disableNoInternet(); return; } } public void disableLeak() { int x = 0; while(x != 5000){ Bukkit.broadcastMessage(ChatColor.RED + "You leaked my plugin, 5k broadcast!"); x++; } getServer().getPluginManager().disablePlugin(this); sts = false; } public void disableNoInternet() { Bukkit.broadcastMessage(ChatColor.RED + "You don't have a valid internet connection, please connect to the internet for the plugin to work!"); getServer().getPluginManager().disablePlugin(this); sts = false; }

Do not forget to add auth(); in your onEnable method.

You can read more about this here.

View attachment 180528

Generally summing up, as mentioned above -- leaking resources and taking them down is an infinite loop. Some decide to accept it and others decide to do something about it, and, the good thing is that it's not hard at all to take a few precautions, send a few e-mails every now and then when it comes to protecting your rights and your work. Minecraft plugins are still software and their developers have right over them.

- Make sure to update your plugin often, every update is a new chance to further protect your resource and slow down leakers.

Some interesting threads:
"Tips on privacy 'n shit" by Hymfu https://www.spigotmc.org/threads/331152/

"Get Spigot Name and ID from Downloader (Anti-Piracy)" by DevCubeHD https://www.spigotmc.org/threads/172052/

To be continued. Please do ask any questions if you have any & feel free to contribute to the thread.

Last Edit: 22.01.2019

neat, thanks for showing everyone this.

[FREE] [Tutorial] Learn how to protect your plugins against leaking.

Norska

Java Developer (https://norska.dev)

Attachments

Ghast

Founding Father of Hypocrisy - https://artemis.ac

Kavish

deephelp.org

Norska

Java Developer (https://norska.dev)

Ghast

Founding Father of Hypocrisy - https://artemis.ac

Norska

Java Developer (https://norska.dev)

Norska

Java Developer (https://norska.dev)

Ghast

Founding Father of Hypocrisy - https://artemis.ac

Norska

Java Developer (https://norska.dev)

Ghast

Founding Father of Hypocrisy - https://artemis.ac

Attachments

Norska

Java Developer (https://norska.dev)

Attachments

Norska

Java Developer (https://norska.dev)

PepegaGamer

Norska

Java Developer (https://norska.dev)

Dozlin

Terminator