The only free (or at least cheap) ones I've seen generally all do the same thing: recursive eval()/base64_decode() calls. Any of these can be decrypted by any reasonably skilled PHP coder with a bit of patience -- it will only stop the casual user (or impatient skilled user, who will likely not want to use such obfuscated code in the first place).
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
yeah i too have done this kind of decryption of some shells that were placed on my server by a hacking attack. is there some way to convert the source code into binary or similar and run without any problem. Like in ASP.NET (I think its possible in ASP.NET as I don't know much about it)
You might be able to use the bytecode extension, but I've never used it, and you now know at least as much about it as I do.
Excellent suggestion NogDog.
Having your programs as byte code makes them incredibly portable. If you do not know anything about how Java works then you'll be in for a surprise, even if you already know a fair deal about OOP in PHP.
If you have not used Java then be very cautious using this extension. It comes from a different world not the least bit like PHP.
If you don't like the JVM you can compile your PHP with Hip Hop (from what I have heard).
I use (, ; : -) as I please- instead of learning the English language specification: I decided to learn Scheme and Java;
Protect against *casual* reading of your code by the .htaccess
file in the directory from which your PHP is called, and also give
this directory drwxr-xr-x permissions.
Always place 'Options -Indexes' in the .htaccess file and always
have a file called 'index.html' or 'index.php' in the directory.
- Determined hacking (usually by brute force FTP) will always result
in some clown f**king up your site. It has happened to me on a few
occasions. Even if you run compiled programs on the server, *someone*
will get in, someday, and replace your code with malicious crap of
Vigilance, and frequent changes of FTP passwords on your host, do
their bit to help. Otherwise, the first you may hear of it is a dreaded
Google "this site may harm your computer" flag ! ! [At least, this shows
your SEO is effective :-) ]
Last edited by chriseccles; 06-12-2011 at 02:27 AM.