Virtual Private Server - I need to host a Java Server and make it secure.

King Archie · Feb 18, 2017

Hi there.

The next native clicker update will include a server that the client will connect to, the client will send some information (e.g. their hardware id), the server will validate their information and send back some classes to start the auto clicker.

My question is -

What VPS would I need for this?
How can I make it secure?
What could go wrong if I did it this way?

Thank you.

/usr/bin/ · Feb 18, 2017

What do you mean by what type of VPS?
If your referring to OS, you can use either Linux or Windows .

You can't make this 100℅ piracy proof. There will always be a way to reverse engineer your application, infact your application itself won't even need to be reverse engineered in this case, Simply just monitor the packets sent/received and you could literally get the class file your server sends over to a authenticated client. Also the hardware ID can be spoofed .

Couple of things can go wrong if you run dynamic class files. The client can be running a 32-bit OS and your class could be compiled in 64-bit. Of course you can counter this difference by detecting the clients architecture.

King Archie · Feb 18, 2017

/usr/bin/ said:
What do you mean by what type of VPS?
If your referring to OS, you can use either Linux or Windows .

You can't make this 100℅ piracy proof. There will always be a way to reverse engineer your application, infact your application itself won't even need to be reverse engineered in this case, Simply just monitor the packets sent/received and you could literally get the class file your server sends over to a authenticated client. Also the hardware ID can be spoofed .

Couple of things can go wrong if you run dynamic class files. The client can be running a 32-bit OS and your class could be compiled in 64-bit. Of course you can counter this difference by detecting the clients architecture.

So - is it a stupid idea? It's to make it harder to leak the clicker. What VPS should I buy?

/usr/bin/ · Feb 18, 2017

Rate said:
So - is it a stupid idea? It's to make it harder to leak the clicker. What VPS should I buy?

Linux would be fine, no need to purchase windows server license.

It not necessarily a stupid idea, my point being is people who want to leak your auto clicker simply will.

King Archie · Feb 18, 2017

/usr/bin/ said:
Linux would be fine, no need to purchase windows server license.

It not necessarily a stupid idea, my point being is people who want to leak your auto clicker simply will.

But if their cpuid and ip isn't on the server and ALSO if the current version they're using isn't on the server then it will not send the GUI panel class - which means the panel will not load.

If they remove it from the server, then the panel won't load anyway.

I understand it is still leakable - but it is harder, right?

/usr/bin/ · Feb 18, 2017

Rate said:
But if their cpuid and ip isn't on the server and ALSO if the current version they're using isn't on the server then it will not send the GUI panel class - which means the panel will not load.

If they remove it from the server, then the panel won't load anyway.

I understand it is still leakable - but it is harder, right?

Keep in mind some people have dynamic IP addresses, like my self. My ISP issues me a new IP time to time. It will be a little hurdle for someone knowledgeable enough. Seems more like a hassle for the legitimate client.

Why not implement a simple login form? Instead of this Hardware ID, and IP checking?

King Archie · Feb 18, 2017

/usr/bin/ said:
Keep in mind some people have dynamic IP addresses, like my self. My ISP issues me a new IP time to time. It will be a little hurdle for someone knowledgeable enough. Seems more like a hassle for the legitimate client.

Why not implement a simple login form? Instead of this Hardware ID, and IP checking?

People can easily share their logins. It isn't too much of a hassle, since I don't want the product being leaked (since I'll make a good few hundred dollars from it).

/usr/bin/ · Feb 18, 2017

Rate said:
People can easily share their logins. It isn't too much of a hassle, since I don't want the product being leaked (since I'll make a good few hundred dollars from it).

Atleast when they share logins it would be easier for you to suspend or disable that login when you become aware of it. You could also keep track of the login IP addresses.

King Archie · Feb 18, 2017

/usr/bin/ said:
Atleast when they share logins it would be easier for you to suspend or disable that login when you become aware of it. You could also keep track of the login IP addresses.

Still - people could easily disable the login if they decompile. This way - the whole application isn't stored on the PC, some of it is on the server.

/usr/bin/ · Feb 18, 2017

Rate said:
Still - people could easily disable the login if they decompile. This way - the whole application isn't stored on the PC, some of it is on the server.

I dont think you understand, you can make it a login and then when the user signs in send them the class file from the server.

King Archie · Feb 18, 2017

/usr/bin/ said:
I dont think you understand, you can make it a login and then when the user signs in send them the class file from the server.

Oh right - I could of course do both.

But in general - the server idea is a good one?

MTG · Feb 18, 2017

What? All that for an autoclicker lol

King Archie · Feb 18, 2017

MTG said:
What? All that for an autoclicker lol

Indeed.

Samuel · Feb 18, 2017

It's Java

People will just decompile and remove your security if they want to get around it

MTG · Feb 18, 2017

Samuel said:
It's Java

People will just decompile and remove your security if they want to get around it

Was gonna say that, but I knew someone was gonna rate my post funny lol

King Archie · Feb 18, 2017

Samuel said:
It's Java

People will just decompile and remove your security if they want to get around it

It's obfuscated, and secondly, the configuration for the JPanels is stored on the server and sent to the client. If they do reverse engineer the product then they'll have to actually create the panel.

/usr/bin/ · Feb 18, 2017

There are soo many deobfuscators online. And wow only the Java GUI layout is on the server .. lol

King Archie · Feb 18, 2017

/usr/bin/ said:
There are soo many deobfuscators online. And wow only the Java GUI layout is on the server .. lol

What else should I put on the server? I'm trying to make this as secure as possible.

Zosting · Feb 27, 2017

Go with Linux on this one, you can however use both.

Virtual Private Server - I need to host a Java Server and make it secure.

King Archie

Java Software Development

/usr/bin/

Linux Warrior & Software Developer

King Archie

Java Software Development

/usr/bin/

Linux Warrior & Software Developer

King Archie

Java Software Development

/usr/bin/

Linux Warrior & Software Developer

King Archie

Java Software Development

/usr/bin/

Linux Warrior & Software Developer

King Archie

Java Software Development

/usr/bin/

Linux Warrior & Software Developer

King Archie

Java Software Development

MTG

愛

King Archie

Java Software Development

Samuel

The most serious person ever.

MTG

愛

King Archie

Java Software Development

/usr/bin/

Linux Warrior & Software Developer

King Archie

Java Software Development

Zosting