Lets list business scripts that do the "bad thing" of calling home. For those not in the know I will give you an example.

Today I went to login to my livehelper script from turnkeywebtools.com and got the error :

Warning: fsockopen(): unable to connect to www.turnkeywebtools.com:80 in /home/xxxxxx/public_html/phplive/admin/login.php on line 54

This means that my script that I purchased in full is trying to connect to turnkeywebtools.com (to validate my license) but has failed to connect. Their web site is down so my script is broken. That is why I hate this kind of software. It is just another point of failure.

So...let me start the ball rolling by naming and shaming turnkeywebtools.com with PHPLivehelper

Simon

well that's bad coding.

PhpManager use to call home, and for days, people couldn't access their script because the page was down, so they modified the code that if it couldnt access the website, it would still log them in.

I think scripts that call home to verify license is great, but as long as it doesn't interfere with the users who use it.

vBulletin Version 2 calls home, so when the vB site goes down (every day) people have trouble loading the AdminCP Index :D

Yes...I have no problem with the license being verified but when it interfers with my business then I am going to be pissed about that. I will be letting them know my thoughts on this later today.

Simon

I don't see a problem calling home once, but once it calls home, that should be it.

If it is valid once, what says it is not going to be the next time?

Or have the script have a "I called home, srcipt good until X date"

Originally posted by N9ne
vBulletin Version 2 calls home, so when the vB site goes down (every day) people have trouble loading the AdminCP Index :D


errrr no, no you are wrong and i suspect that you know your wrong, all the script in vb2 does is call a blank giff from jelsofts server so putting the address of your website and the license number into database (i presume) that is there. if the site is down you can still log into your cp.

its a bit of a cak system as it takes about 1 nanosecond to get rid, vb3 is different in so far as its in quite a few places and when you down load the software it puts you licence number into each and every file as well as the time of download, so the crackers need to get rid of that as well :)


took me a while but i cleaned one out and no i didnt release it to the wild i eventualy deleted it when i got fed up with the whole message board site admin rubbish..........


oh and the licence number you needed to input before vb3 will start to install was changed to 00000

can anybody actually reach phplivehelper.com or turnkeywebtools.com or is it just me?

Simon

I think ClientExec only calls home on install, which is a good idea.

SimonMc: Nope, can't access either.

that's why I use phpBB and not VBB :)

Its a stupid Idea I think, I can understand doing it once, on install... or if its a rented for a limited amount of time, then every few weeks...

Originally posted by phill2003
errrr no, no you are wrong and i suspect that you know your wrong, all the script in vb2 does is call a blank giff from jelsofts server so putting the address of your website and the license number into database (i presume) that is there. if the site is down you can still log into your cp.

its a bit of a cak system as it takes about 1 nanosecond to get rid, vb3 is different in so far as its in quite a few places and when you down load the software it puts you licence number into each and every file as well as the time of download, so the crackers need to get rid of that as well :)


took me a while but i cleaned one out and no i didnt release it to the wild i eventualy deleted it when i got fed up with the whole message board site admin rubbish..........


oh and the licence number you needed to input before vb3 will start to install was changed to 00000

You tell me I'm wrong in saying vB2 calls home, yet you just said yourself that a .gif file is called from jelsoft's server.

vB3's security is a little bit odd, and you're wrong in saying you enter your license number before installing, you actually enter your customer number. When they put a file called authenticate.php in the install directory though, it's kinda obvious how to get around it anyway :eek:.

Either way, vB3 is better in terms of not calling home as there were problems when the jelsoft server was unavailable because it delayed the loading time of the adminCP.

As for vB3 putting license numbers into files, a good hacker will easily be able to remove it from all files with a simple script but that's more effort put in than vB2's defense so vB3 is better in that way too.

I see nothing wrong with a script that calls home to verify. As long as it does not stop the presses if the 'home' website is down or inaccesable. That's foolish and is bound to cause their customers grief and loss of business.

Even if it periodically calls home to verify, then again it should be a background check not something that halts everything because the server cannot be reached for some reason.

Originally posted by Davros
I see nothing wrong with a script that calls home to verify. As long as it does not stop the presses if the 'home' website is down or inaccesable. That's foolish and is bound to cause their customers grief and loss of business.

Even if it periodically calls home to verify, then again it should be a background check not something that halts everything because the server cannot be reached for some reason.

Agreed...the big problem for me today is that the admin section has been unavailable to me all day because the script is trying to call home and failing because thier web site is down.

You would think a program like phplivehelper would be better coded but it just goes to show....they are probably just a bunch of hacks.

Their support is notoriously rude too. So I am really looking forward to communicating my displeasure to them.

Simon

thats why I put all my "call home" scripts so that if they cant reach the website they call home to they just continure. You can set a time out. I usually set mine to something like 2 seconds.

If the scripts can connect in 2 seconds then it loads the page regardless. Of course, there are many many other security measures in place. But nonetheless, it will load the script even if the server is down.

You could also have a cluster of servers. When one goes down, the others are still up tp recieve the auth requests from the script.

This is the second day phplivehelper.com or turnkeywebtools.com is down (reliability issue with current host probably :-)

They are ripe for a decent web host...except they host themselves :-)

Some companies just do not have any contingency built into anything they do. I would recommend anyone planning to use this outfits scripts that they come with a "Buyer Beware" tag.

Simon

Originally posted by SimonMc
Lets list business scripts that do the "bad thing" of calling home. For those not in the know I will give you an example.

Today I went to login to my livehelper script from turnkeywebtools.com and got the error :

Warning: fsockopen(): unable to connect to www.turnkeywebtools.com:80 in /home/xxxxxx/public_html/phplive/admin/login.php on line 54

This means that my script that I purchased in full is trying to connect to turnkeywebtools.com (to validate my license) but has failed to connect. Their web site is down so my script is broken. That is why I hate this kind of software. It is just another point of failure.

So...let me start the ball rolling by naming and shaming turnkeywebtools.com with PHPLivehelper

Simon

Check the whois on their domain, it appears to be hacked,
edit: it was yesterday, appears to be normal now so they hopefully will be up soon. Go to that line and put an @ in front of it, that will remove the error making your script function.

@$fp = fsockopen ($tstring, 80, $errno, $errstr, 5);

Good afternoon,

Ensim 3.1 and Ensim Pro call home all the time.

I have no problems with this at all.

Fills up my log files and my /var/log directory with a whole bunch of wpkey**********

Cheers! :)

/bin/false