Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Preventing Web Site Source Code Theft


  • Please log in to reply
14 replies to this topic

#1 Mike D.

Mike D.

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 16 October 2006 - 05:54 PM

What script / HTML can I use to prevent someone from viewing and copying my source code on a web site?

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:11 PM

Posted 16 October 2006 - 06:10 PM

You can't. Once it is on my computer, I can do with it what I wish. I have seen a few javascripts that disable the ability to view the source. But I have javascript disabled by default, so that doesn't do any good. I have seen one activeX control that supposedly does it also, but I use Firefox, so that does no good either.

The conventional wisdom is that unless you are some super-whiz-bang coder, you won't do anything that hasn't been done before. Even money would say that you used something someone else done. Then there is the cynical crowd that would say "why would anyone want your code anyway?".

The reality is if someone wants to steal your code badly enough, there is nothing you can do. Your work ends up on their computer and thereafter is out of your control. :thumbsup:

#3 Mike D.

Mike D.
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 16 October 2006 - 06:23 PM

Thanks, But I have seen web sites where you right click to view source, and it does not allow you to view it and therfore not copy it??

#4 Stotic

Stotic

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:01:11 PM

Posted 16 October 2006 - 06:40 PM

That's a simple script that disables right clicking. It doesn't prevent people from stealing your source because they can just go to your source code via the top tabs on the browser, or they can disable javascript.

#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:11 PM

Posted 16 October 2006 - 06:48 PM

or they can disable javascript.


Which I already mentioned. I have javascript disabled by default. It prevents tons of pop-ups.

Maybe this will help:
LINK

#6 Mike D.

Mike D.
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:11 PM

Posted 17 October 2006 - 06:07 AM

Groovicus,
Thanks very Much,
I now understand.
Mike

#7 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 29 October 2006 - 06:22 PM

I'm sorry, but I have to disagree with groovicus. I've been using software for years that protect my source code from theivery.

The program I use will prevent you from doing any such thing, and it's 100% proven. With this software, you can:

a. Download my pages, but when you open them, they will be all garbled and encrypted.
b. You can't disable the right-click, and if you should happen to do so, you'll get garbled encrypted pages.
c. You can print out the pages, and they will come out blank.

The only thing you would be able to do it take screen shots, but that won't get you any source codes.

If you want, I'll do a one page site and post it on my server and I'll put some invisble text on it (all white), and see if you can expose what it is. I promise you, you'll give up as soon as you see the source code. It works with php pages, html and a host of other formats, and you can hide your scripting codes, the heading/meta tags and other aspects if you want.

This is ironic because on another site last year, someone said the same thing.. that you couldn't hide your source code at all. I'm here to tell you that that is absolutely not true.

What the heck..... I'll do a page, and I'll protect it, then I'll upload it, and I'll post the link back here.

The software is called "WebProtector". The version I have is at least 3 years old, and it still is uncrackable. You should hear the complaints I be getting because people tell me they try to print out my pages, but they get blank screens. I laugh, and at the same time, I just tell them something off the wall. But NEVER tell them you're using protection on your pages.


Walkman
One Man's Opinion

Edited by Walkman, 29 October 2006 - 06:23 PM.


#8 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 29 October 2006 - 08:05 PM

Below is the link to my test page. Reveal the source, and you're good.

I also need to update mine. I'm using v2.0, and it was developed before Firefox came out (I think), and it will still highlight text. Maybe the newer version doesn't. And it'll let you copy/paste text. But neither of those can be done using the Internet Explorer.

Also, when I saved my page and opened it in Dreamweaver, it was blank, and the code is encrypted. The main thing is to protect the source code, and this does it well.

Also, if you're worried about how it'll affect you in the search engines, don't worry. It has no effect on your rankings/listing at all. I don't know how they do it, but the protected pages still get listed and ranked. Well, mine does.

Anyway, click the link below and take the tests I've posted on the page. Post back here if you reveal anything I encrypted. I'm betting you never will. And even if you use the software, it cannot decrypt after it encrypts, that's why it makes a backup of the original one before it encrypts your pages.

http://www.testing-servers.com/testing/rev...source-code.htm


[UPDATE 9:28pm] Someone has revealed the name of the image. I call anyone to do at least that... is good, and that's what I told the person. Don't worry, I won't tell you who it was nor the name of the image file. Keep up the good work.. you know who you are.... but.... the source code hasn't been cracked, nor can the meta tags/keywords/descriptions be revealed. That was my point. I do have other means of protecting images though, but this was just a simple, small run of it all, just to prove my point on protecting your hard earned source codes. :thumbsup:

Walkman
One Man's Opinion

Edited by Walkman, 29 October 2006 - 10:40 PM.


#9 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:11 PM

Posted 03 November 2006 - 02:52 PM

<html><head><script>function NCNoErr(){return true}onerror=NCNoErr</script><meta http-equiv="Expires" content="-1"><script language="JavaScript"><!--
eval(unescape("%66%75%6E%63%74%69%6F%6E%20%61%28%73%29%7B%74%3D%22%3D%3C%71%01%3F%48%62%7A%70%37%3A%69%66%4A%2C%52%43%7B%46%55%6D%42%51%53%65%26%35%5D%4E%72%63%6C%39%5B%34%27%67%24%25%5F%3B%47%77%40%29%2B%75%4F%38%4D%4B%2E%73%03%20%6F%02%79%76%44%5A%2D%31%56%28%2F%64%2A%4C%54%45%59%61%7F%30%7D%78%49%57%74%41%04%36%5E%33%58%7C%21%7E%6E%68%6B%3E%32%50%60%23%6A%22%3B%6F%3D%6E%65%77%20%53%74%72%69%6E%67%3B%6C%3D%73%2E%6C%65%6E%67%74%68%3B%66$ DK_qw OuqKogu@$q?R{{yB${{% %qw OuqQCFUq 3*AX}|}A*W{{_8?<=?0||6N{{nnnCnBC3{ s{0|tWQ{WXYCE|E?9<=c0|tW9<=c0Y*E9cO_ 'qw  KR_.o@l?K3*t*?q$M8 _8 l?ART*T0Y?9cO_ 'qw  KR_.o@l?}t*Y|WL*3?q$M8 _8 l?A?9cO_ 'q8'O_l?Ot*3| *XK3Y~YA|K*3X}A?q$M8 _8 l?|3!Y?9c$s@K qu'8Go'G_l?)*~*T3}6|?9cRR=a!AT|}AqAX|}Y:i23Y|!3Aqa*WXY`a!AT|}AqAX|AX:i2}a:ET!tYA|CW*kY3Xi2X|lET!tYA|CY|YWYT|}A:ir}a:X|l??ppX|l?q?i2n}AEnCa}AE:?q?i`XY| }tY!|:?AX|AX:i?,mFi``AX|AX:irET!tYA|CAXYWYT|X|*3|lAX|}YrAE3*X|*3|lAX|}Yra!AT|}AqA3T}Y:i23Y|!3Aqa*WXY`a!AT|}AqA3TAX:Yi2}a:YCn0}T0llmPPYCn0}T0llBi3Y|!3Aqa*WXY`}a:ET!tYA|CW*kY3Xi2ET!tYA|CT*6|!3Y_~YA|X:_~YA|COMo_%My8irET!tYA|CAt!XYEnAlA3TAX`ET!tYA|CATA|Yh|tYA!lA3T}Yr}a:n}AEnCWT*|}AC63|TWC}AEYhMa:?a}WY?ilRUi2n}AEnCWT*|}Al?n6?`a!AT|}AqAXL:i2n}AEnCX|*|!Xl??rXY| }tY!|:?AXL:i?,UFi`AXL:ira!AT|}AqA6U:i2a3:n}lFrn}cET!tYA|C*WWCWYA|0rn}JJi2}a:ET!tYA|C*WW-n}VCX|kWYC~}X}L}W}|kl?0}EEYA?i2ET!tYA|C*WW-n}VCX|kWYC~}X}L}W}|kl?0}EEYA?rET!tYA|C*WW-n}VC}El?n6?```ra!AT|}AqA6m:i2a3q:n}lFrn}cET!tYA|C*WWCWYA|0rn}JJi2}a:ET!tYA|C*WW-n}VC}Ell?n6?iET!tYA|C*WW-n}VCX|kWYC~}X}L}W}|kl??``rn}AEnCALYa3Y63}A|lA6Urn}AEnCA*a|Y363}A|lA6mr{{RR9c{$s@K 9<=ctY|*q0||6RY^!}~l?$A|YA|R k6Y?qTA|YA|l?|Yh|{0|tWrqT0*3XY|l}XR55S]RU?9<=ctY|*qA*tYl?EYXT3}6|}A?qTA|YA|l? 0}Xq}Xq|0Yq6W*TYq|qWIqa3qn0YAqk!qn*A|qk!3q63}~*TkCq@|7Xq!6q|qk!q|q63|YT|qk!3q6*YX?9<=ctY|*qA*tYl?IYkn3EX?qTA|YA|l?63|YT|}A,qX!3TYqTEYq63}~*Tk,q6*Yq|0}Y~YX,qX}|Yq63|YT|}A,q0}E}AqX!3TYqTEYX,q63|YT|}Aq}t*YX?9<=c|}|WY9sY~Y*Wq 0Yq!3TYq$EYc{|}|WY9<=cX|kWYq|k6Yl?|Yh|{TXX?9<=cRR<=CX|kWYUq2<=	aA|RX}>YNqU56hr<=	aA|RnY}0|NqLWEr<=`<=CX|kWYQq2<=	aA|Ra*t}WkNqO*A!tr<=	aA|RnY}0|NqLWEr<=`<=CX|kWYSq2<=	aA|Ra*t}WkNqO*A!tr<=	TW3NqH;;;;;;r<=`<=CX|kWYeq2<=	TW3NqHFFFF;;r<=	aA|RnY}0|NqLWEr<=`<=RR9<=c{X|kWY9<=c{0Y*E9<=<=cLEk9<=c6qTW*XXl?X|kWYU?9 0}Xq}Xq*q63|YT|YEqnYLq6*YCqy0*|q@qtY*AqLkq63|YT|YEq}Xq|0}XNc{69<=c69cX|3A9UCc{X|3A9qD!qnA7|qLYq*LWYq|q3Y~Y*Wq|0YqX!3TYqTEYqa3q|0}Xq6*YCc{69<=c6");a("9cX|3A9mCc{X|3A9q@aqk!qX*~Yq|0}Xq6*Y,q|0YqX!3TYqTEYqn}WWqLYqXT3*tLWYE{YAT3k6|YEc{69<=c69cX|3A9BCc{X|3A9q@aqk!q63}A|q|0}Xq6*Y,q}|qn}WWqLYqLW*AICqc{69<=c69cX|3A9QCc{X|3A9qs}0|RTW}TI}Aq0*XqLYYAqE}X*LWYECc{69<=c69cX|3A9SCc{X|3A9q$6k}A{6*X|}Aq0*XqLYYAqE}X*LWYECq:8|qE}X*LWYEq!X}Aq;}3YahiqL!|q}|7WWqLWTIq@_Cc{69<=c6qTW*XXl?X|kWYe?9 0Yq6}A|q|q|0}Xq|YX|q}Xq|q63|YT|q|0YqX!3TYqTEYCqcL39<=qqsY~Y*Wq|0YqtY|*qEYXT3}6|}AcL39<=qqsY~Y*Wq|0YqtY|*qIYkn3EX<=c{69<=c69pALX6rc{69<=c69gYWnq}Xq*qXYA|YATYq|k6YEq}Aqp^!|rn0}|Yp^!|rqLY|nYYAq|0Yq2`CqsY~Y*Wq|0YqX!3TYqTEYq*AEqk!7WWq3Y~Y*Wq|0YqaA|q!XYECc{69<=c69cX|3A9o6E*|YNc{X|3A9q Yh|qXYWYT|}Aq}XqE}X*LWYE,qL!|q}|q0*XqAqYaaYT|q!X}Aq;}3YahCqqL*X}T*WWk,qk!qT*Aq0}0W}0|qn0*|7Xq}AX}EYqLYWn,qL!|q3Y~Y*Wq|0YqaA|q|0*|qn*Xq!XYECq@aqk!73Yq!X}Aq@_,q}|qnA7|qWY|qk!q0}0W}0|q|0Yq|Yh|qLYWn,q*AEq|0*|7Xq|0Yq6}A|Cc{69<=c69cX|3A92c{X|3A9qcX6*AqTW*XXl?X|kWYS?9@aqk!qT*Aq3Y*Eq|0}XqtYXX*Y,q|0YAqs__'uq w_q;M8 q w' qy'qo_%q;Msq w@q_$ @M8qc{X6*A9qcX6*AqTW*XXl?X|kWYQ?9c{X6*A9cX|3A9`c{X|3A9qc{69<=c69pALX6rc{69<=c69gYWnq}Xq*Aq}t*YCqsY~Y*Wq|0YqA*tYqaq|0Yq}t*Yqa}WYCqG}~YqE}tYAX}AXq}aqk!qT*ACq@Xq}|q*qCx6,q}a,q3qn0*|[qc{69<=c69c}tqX3Tl?WR03XYR0Y*ECx6?qn}E|0l?5Q?q0Y}0|l?5Q?9pALX6rqc{69<=c69pALX6rc{69<=c69 0*|7Xq}|qa3qAnCqsYtYtLY3,qk!qT*Aq63|YT|qk!3qX!3TYqTEYXqaqk!3qnYLq6*YXCc{69<=c69y*WIt*AcL39<=qqMAYqO*A7XqM6}A}A<=c{69<=c{LEk9<=c{0|tW9<=");eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%3D%6E%75%6C%6C%3B"));//--></script>

<meta http-equiv="Pragma" content="no-cache"><meta http-equiv="imagetoolbar" content="no"><meta name="MSSmartTagsPreventParsing" content="true"><script language="JavaScript"><!--
function nstie(){return false}function nstns(){if(document.layers){st=document.getSelection();if(st!=""&&st!=" "){window.find(" ")}setTimeout("nstns()",20)}}nstns();document.onselectstart=nstie;ondragstart=nstie;function nrcie(){return false}function nrcns(e){if(e.which==2||e.which==3)return false}if(document.layers){document.captureEvents(Event.MOUSEDOWN);document.onmousedown=nrcns}document.oncontextmenu=nrcie;if(window.location.protocol.indexOf("file")!=-1){window.location="wp"}function nsb(){window.status="";setTimeout("nsb()",10)}nsb();function np1(){for(wi=0;wi<document.all.length;wi++){if(document.all[wi].style.visibility!="hidden"){document.all[wi].style.visibility="hidden";document.all[wi].id="gwp"}}};function np2(){for (wi=0;wi<document.all.length;wi++){if(document.all[wi].id=="gwp")document.all[wi].style.visibility=""}};window.onbeforeprint=np1;window.onafterprint=np2;//--></script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="description" content="This is the place to look for when you want your privacy. It's up to you to protect your pages">
<meta name="keywords" content="protection, source code privacy, page thieves, site protection, hiding source codes, protecting images"><title>Reveal The Source Code</title>

<style type="text/css">
<!--
.style1 {
	font-size: 18px;
	font-weight: bold;
}
.style4 {
	font-family: Magnum;
	font-weight: bold;
}
.style5 {
	font-family: Magnum;
	color: #FFFFFF;
}
.style6 {
	color: #0000FF;
	font-weight: bold;
}
-->
</style></head><body>
<p class="style1">This is a protected web page. What I mean by protected is this:</p>
<p><strong>1.</strong> You won't be able to reveal the source code for this page.</p>

<p><strong>2.</strong> If you save this page, the source code will be scrambled/encrypted</p>
<p><strong>3.</strong> If you print this page, it will be blank. </p>
<p><strong>4.</strong> Right-clicking has been disabled.</p>
<p><strong>5.</strong> Copying/pasting has been disabled. (Not disabled using Firefox) but it'll block IE.</p>
<p class="style6">The point to this test is to protect the source code. <br>

  Reveal the meta description<br>
  Reveal the meta keywords
</p>
<p>&nbsp;</p>
<p>Below is a sentence typed in "white" between the {}. Reveal the source code and you'll reveal the font used.</p>
<p><strong>Update:</strong> Text selection is disabled, but it has no effect using Firefox. So basically, you can highlight what's inside below, but reveal the font that was used. If you're using IE, it won't let you highlight the text below, and that's the point.</p>
<p><strong>{</strong> <span class="style5">If you can read this message, then REVEAL THE FONT THAT WAS USED FOR THIS SECTION </span> <span class="style4"></span><strong>}</strong> </p>

<p>&nbsp;</p>
<p>Below is an image. Reveal the name of the image file. Give dimensions if you can. Is it a .jpg, gif, or what? </p>
<p><img src="logo-horse-head.jpg" height="84" width="84">&nbsp; </p>
<p>&nbsp;</p>
<p>That's it for now. Remember, you can protect your source codes of your web pages.</p>
<p>Walkman<br>
  One Man's Opinion
</p>
</body></html>

Just now had like 30 seconds to tinker with this. How did I do?

#10 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:02:11 PM

Posted 03 November 2006 - 03:01 PM

:thumbsup:
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#11 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:12:11 PM

Posted 03 November 2006 - 04:57 PM

Also, if you're worried about how it'll affect you in the search engines, don't worry. It has no effect on your rankings/listing at all. I don't know how they do it, but the protected pages still get listed and ranked. Well, mine does.


I do. No matter the encryption scheme, there exists somewhere on your system a completely unencrypted code body. The encryption has to be converted to html at some point, otherwise the browser will not be able to render the page. All one has to do is retrieve that data.

#12 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 03 November 2006 - 07:24 PM

groovicus,

That's pretty much it. You're good. I replied to a PM just a few minutes ago. I guess he didn't see your post.

I can see now that my software is too old to protect (2002), and would need updating. But for the less savvy, I still say they would give up soon, and many probably wouldn't even try to decode it.

Anyway, you've revealed more than all who posted/pm'd me, put together. Keep up the great work.

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:11 PM

Posted 04 November 2006 - 07:53 PM

Also, if you're worried about how it'll affect you in the search engines, don't worry. It has no effect on your rankings/listing at all. I don't know how they do it, but the protected pages still get listed and ranked. Well, mine does.


This is not accurate. Search engines do not understand javascript. As a matter of fact, search engines will completely ignore scripts. So if you have content encrypted in such a manner it wil be completey ignored and not indexed by the search engines.

#14 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 PM

Posted 04 November 2006 - 11:15 PM

Also, if you're worried about how it'll affect you in the search engines, don't worry. It has no effect on your rankings/listing at all. I don't know how they do it, but the protected pages still get listed and ranked. Well, mine does.


This is not accurate. Search engines do not understand javascript. As a matter of fact, search engines will completely ignore scripts. So if you have content encrypted in such a manner it wil be completey ignored and not indexed by the search engines.


Can't argue with that, but the search engines do index those pages. As a matter of fact, I've done two web sites, each with other 460 pages, and they have been indexed. I don't know how they determine the source for the pages, but protected pages do get indexed by the search engines. There are millions of web pages that are indexed in the search engines and they are encrypted.

Maybe I'll do a small site and submit it to the search engines. It'll take a few days or so to get it indexed. I'll put that on my ajenda of "To-Do" projects.

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:11 PM

Posted 05 November 2006 - 09:18 AM

Bizarre...can you post the urls so I can take a look?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users