-
Little tool to protect your client ip
Hey guys!
I heard some people complaining about they can't remove their client ip out of the client source. I have a quite good solution for you. Eh.. I mean, 2 solutions.
First thing you have to know.
I think you know people can see your client ip by inspect elements or view-source:http:yourhotel.com. For both I have a solution.
Protection view-source
This is not a very simple one. You need to install an ioncube loader. This avoids people can see the source in view-source. Ehm.. they can see the source but it's encrypted. So.. your ip too.
After you installed ioncube successful you need to place this file somewhere in a reachable directory to include.
Add this rule code at the top of your client source:
PHP Code:
include("path to file/html_encoder_1.9.php");
It should encrypt your source now in view-source.
Protection inspect elements
This is the simple one. You need to follow some steps. We're going to work with jQuery. My best friend :D:. (Javascript too)
Download this files and place them in a directory. (Change this link in the script src link!)
Step 1:
Add this into your client between the header tags:
PHP Code:
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-latest.js"></script>
Step 2:
Add a class called 'information' in a script tag what inside looks like this:
PHP Code:
FlashExternalInterface.loginLogEnabled = true;
FlashExternalInterface.logLoginStep("web.view.start");
if (top == self) {
FlashHabboClient.cacheCheck();
}
var habboReqPath = "";
var BaseUrl = "";
var flashvars = {
"client.starting" : "",
"client.allow.cross.domain" : "1",
"client.notify.cross.domain" : "1",
"client.hotel_view.show_on_startup" : "1",
"site.url" : "",
"url.prefix" : "",
"client.reload.url" : "",
"client.reload.url" : "",
"client.fatal.error.url" : "",
"client.connection.failed.url" : "",
"connection.info.host" : "",
"connection.info.port" : "",
"external.variables.txt" : "",
"external.texts.txt" : "",
"productdata.load.url" : "",
"furnidata.load.url" : "",
"use.sso.ticket" : "1",
"sso.ticket" : "",
"processlog.enabled" : "1",
"flash.client.url" : "",
"flash.client.origin" : "popup",
};
var params = {
"base" : "",
"allowScriptAccess" : "always",
"menu" : "false"
};
What will look like this:
PHP Code:
<script type="text/javascript" class="information">
Step 3:
Add above '<script type="text/javascript" class="information">' this code:
PHP Code:
<script class="information">
$(document).ready(function(){
$('.information').remove();
});
</script>
What will look like this:
PHP Code:
<script class="information">
$(document).ready(function(){
$('.information').remove();
});
</script>
<script type="text/javascript" class="information">
Step 4:
Enjoying your safe hotel :D
Does this release not work for you? You did something wrong. This is not the help section. I'm not going to answer questions about this release here.
Greets.
p.s. Like if you like :D:
-
Re: Little tool to protect your client ip
Gonna try this when my VPS gets back online, people keep coming on my hotel " hide your ip " lmfao, thanks for this.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
ParadiseRel
Gonna try this when my VPS gets back online, people keep coming on my hotel " hide your ip " lmfao, thanks for this.
Use cloudflare.
-
Re: Little tool to protect your client ip
-
Re: Little tool to protect your client ip
-
Re: Little tool to protect your client ip
It just keeps reloading the media fire thing. Could you upload on uppit?
-
Re: Little tool to protect your client ip
not gonna test this but does the inspect element one just remove right click?
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Find
not gonna test this but does the inspect element one just remove right click?
No it also makes your code if someone uses view-source look like a bunch of gibberish. Becomes encrypted.
-
Re: Little tool to protect your client ip
Works like a charm :love:
-
Re: Little tool to protect your client ip
Wouldn't encrypting the source disable the ability to inspect elements? If not, pretty good idea with removing the scripts once the page has loaded. :P:
-
Re: Little tool to protect your client ip
I'm not sure exactly how this works as I have yet to get it working. The download link just refreshes when i click download on media fire on any computer. I will give details on it when I have it working and show a live demo. Thnx :)
-
Re: Little tool to protect your client ip
Just one thing, should i name it class.information.php or just information? Cuz i removed class. :P:
-
Re: Little tool to protect your client ip
For phoenix, simply encrypt it in your habbo.swf :)
-
Re: Little tool to protect your client ip
Not working at all for me. Installed the first part step my step, doesn't work.
-
Re: Little tool to protect your client ip
You can still packet-sniff though.
-
Re: Little tool to protect your client ip
everyone with a normal brain can use wireshark to get your ip
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
n0minal
Wouldn't encrypting the source disable the ability to inspect elements? If not, pretty good idea with removing the scripts once the page has loaded. :P:
True but if you open inspect elements on an other page and you're browsing to the client, it still shows the source.
Quote:
Originally Posted by
Davidaap
everyone with a normal brain can use wireshark to get your ip
Everyone with a normal brain can also protect himself to people who want the ip. :)
-
Re: Little tool to protect your client ip
Don't even need wireshark or 'packet sniffing'
netstat -p ;3
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
PremiumEye
Everyone with a normal brain can also protect himself to people who want the ip. :)
Tell me, How are you going to 'protect' your Ip from packet sniffing, Wireshark or netstat like Fullmetal said ? :)
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
FullmetalPride
Don't even need wireshark or 'packet sniffing'
netstat -p ;3
Every one with a normal brain uses a DNS ;3
-
Little tool to protect your client ip
Quote:
Originally Posted by
Prizm
Every one with a normal brain uses a DNS ;3
..Name server? How's that going to protect you.
-
Re: Little tool to protect your client ip
I find encrypting HTML using JavaScript to be childish and demonstrates that you're incapable of solving the issues you have with whoever is attacking you (I assume this is the reason why people "hide their IP").
Honestly. This trend is very unneeded. There's no reason to hide away a server's IP address.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Funixeh
I find encrypting HTML using JavaScript to be childish and demonstrates that you're incapable of solving the issues you have with whoever is attacking you (I assume this is the reason why people "hide their IP").
Honestly. This trend is very unneeded. There's no reason to hide away a server's IP address.
I think it's those whom send unorthodox traffic to top (and in some cases - small) retros 'for tha lulz' who have the problem. It's how low the community and the internet have become.
I think it is a good idea - not only will it keep your IP address from others, it might help to prevent direct rips of a website.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Funixeh
I find encrypting HTML using JavaScript to be childish and demonstrates that you're incapable of solving the issues you have with whoever is attacking you (I assume this is the reason why people "hide their IP").
Honestly. This trend is very unneeded. There's no reason to hide away a server's IP address.
I'm not gonna lie, about a year ago I used a different method to hide my IP in the client and I must say, it stopped about 90% of attacks. If these kids are so dumb and desperate to attack a hotel, they're probably not intelligent enough to even know how TCP/Networking works. Therefore wouldn't know about netstat, packetlogging or viewing active connections etc..
I do too wish we would get out of this childish phase of booting and attacking each other. I remember a time when getting DDoS'd was the least of your worries, it was your server crashing over night *cough* holograph.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Davidaap
Tell me, How are you going to 'protect' your Ip from packet sniffing, Wireshark or netstat like Fullmetal said ? :)
Hmm, let me think. Are we talking about vps ip or pc/router ip?
Quote:
Originally Posted by
Funixeh
Honestly. This trend is very unneeded. There's no reason to hide away a server's IP address.
Look at what this community became. It's a kind of war know. This is one of the best solutions to protect your ip of the client and direct rips. Everyone wants to be the best.
-
Re: Little tool to protect your client ip
The best solution would to be develop some kind of e-herpes, which all e-peen obsessed mongs could catch and be infected with.
People on most places seem to think theyre top dog of retros because they succesfully closed a hotel for 15 minutes with their $5 booter from hackforums.
When the retro community is back to how it use to be, like matthew said when all you have to worry about is server crashing over night(which use to be a right pain in the arse), someone please do find me and tell me its safe to come back.
-
Re: Little tool to protect your client ip
If you want to protect your ip go to x4b.org and use cloudflare and its all fine, x4b sells proxy ips :)
Just replace the sentence you get with the connection.info.host: ip to the sentence you get :)
-
Re: Little tool to protect your client ip
Well, i think that this is an usually tool, thanks.
-
Little tool to protect your client ip
Encrypting HTML is pointless it has to be decrypted so the DOM can parse it which allows your browser to render the pretty views you get and I could just disable JavaScript to stop you removing the IP...
Sent from my iPhone using Tapatalk 2
-
Re: Little tool to protect your client ip
Just press F12 and it shows this:
Code:
client.allow.cross.domain=1&client.notify.cross.domain=1&connection.info.host=habcityrp.com&connection.info.port=30000&site.url=http://en.habcityrp.com&url.prefix=http://en.habcityrp.com&client.reload.url=http://en.habcityrp.com&client.fatal.error.url=http://en.habcityrp.com/client&client.connection.failed.url=http://en.habcityrp.com/client&external.variables.txt=http://en.habcityrp.com/swf/external_variables.php&external.texts.txt=http://en.habcityrp.com/swf/external_flash_texts.php&productdata.load.url=http://en.habcityrp.com/swf/productdata.php&furnidata.load.url=http://en.habcityrp.com/swf/furnidata.php&use.sso.ticket=1&sso.ticket=X6JKVdTWs9&processlog.enabled=1&account_id=19927505&client.starting=HabCity is starting up.&flash.client.url=http://en.habcityrp.com/client&user.hash=fba7b60b15f0b26aa5b56b8f378a0b1b4092ed23&flash.client.origin=popup
in
Code:
<object type="application/x-shockwave-flash"
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Divide
Just press F12 and it shows this:
Code:
client.allow.cross.domain=1&client.notify.cross.domain=1&connection.info.host=habcityrp.com&connection.info.port=30000&site.url=http://en.habcityrp.com&url.prefix=http://en.habcityrp.com&client.reload.url=http://en.habcityrp.com&client.fatal.error.url=http://en.habcityrp.com/client&client.connection.failed.url=http://en.habcityrp.com/client&external.variables.txt=http://en.habcityrp.com/swf/external_variables.php&external.texts.txt=http://en.habcityrp.com/swf/external_flash_texts.php&productdata.load.url=http://en.habcityrp.com/swf/productdata.php&furnidata.load.url=http://en.habcityrp.com/swf/furnidata.php&use.sso.ticket=1&sso.ticket=X6JKVdTWs9&processlog.enabled=1&account_id=19927505&client.starting=HabCity is starting up.&flash.client.url=http://en.habcityrp.com/client&user.hash=fba7b60b15f0b26aa5b56b8f378a0b1b4092ed23&flash.client.origin=popup
You didn't installed the encoder.
Verstuurd van mijn GT-I9000 met Tapatalk
Quote:
Originally Posted by
Jordan
Encrypting HTML is pointless it has to be decrypted so the DOM can parse it which allows your browser to render the pretty views you get and I could just disable JavaScript to stop you removing the IP...
Sent from my iPhone using Tapatalk 2
Yeah, true. But there are still more ways to protect it :)
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
PremiumEye
You didn't installed the encoder.
Verstuurd van mijn GT-I9000 met Tapatalk
Err I did :L You didn't code it good?
Let me show it for your hotel (febbo.nl)
Code:
connection.info.host=85.214.48.92&connection.info.port=30000&external.variables.txt=http://febbo.nl/storm/external_variables.php&external.texts.txt=http://febbo.nl/storm/external_flash_texts.php?username=Bennn123&productdata.load.url=http://febbo.nl/storm/productdata.txt&furnidata.load.url=http://febbo.nl/storm/furnidata.txt?v=489&use.sso.ticket=1&sso.ticket=ST-117358-7943373632-6266065184-otaku-9&processlog.enabled=1&flash.client.url=http://febbo.nl/storm/&flash.client.origin=popup
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Divide
Err I did :L You didn't code it good?
Let me show it for your hotel (febbo.nl)
Code:
connection.info.host=85.214.48.92&connection.info.port=30000&external.variables.txt=http://febbo.nl/storm/external_variables.php&external.texts.txt=http://febbo.nl/storm/external_flash_texts.php?username=Bennn123&productdata.load.url=http://febbo.nl/storm/productdata.txt&furnidata.load.url=http://febbo.nl/storm/furnidata.txt?v=489&use.sso.ticket=1&sso.ticket=ST-117358-7943373632-6266065184-otaku-9&processlog.enabled=1&flash.client.url=http://febbo.nl/storm/&flash.client.origin=popup
You disabled javascript in your browser.
True, I didn't add better protection to this in my client. Will start at that soon
Verstuurd van mijn GT-I9000 met Tapatalk
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
PremiumEye
You disabled javascript in your browser.
True, I didn't add better protection to this in my client. Will start at that soon
Verstuurd van mijn GT-I9000 met Tapatalk
What the hell, I have done nothing in my browser. Your just bad at this things. You can never hide the IP!
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Divide
What the hell, I have done nothing in my browser. Your just bad at this things. You can never hide the IP!
Bad at this things? Haha, I'm the first one who came with this. For much people this worked fine. You're just bad at this things to install.
And your last sentence is bullshit. What do you think of cloudflare, proxy, domain/ip server replace?
-
Re: Little tool to protect your client ip
Yep,
Netstat with cmd and you have the IP ;-) use Anti-Ddos proxy if you want protect your hotel its cheap.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
TimNL
Yep,
Netstat with cmd and you have the IP ;-) use Anti-Ddos proxy if you want protect your hotel its cheap.
Or use anti ddos hardware costs 3K very cheap.
-
Re: Little tool to protect your client ip
You can always use a proxy with DDOS protection, so you won't need to hide the IP? :-)
This script won't hide your IP totally, you can easily find the IP with wireshark etc.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
pLEDGE
You can always use a proxy with DDOS protection, so you won't need to hide the IP? :-)
This script won't hide your IP totally, you can easily find the IP with wireshark etc.
Agreed but it can help much people.
-
Re: Little tool to protect your client ip
It's Work. Thank for this ;)
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Jordan
Encrypting HTML is pointless it has to be decrypted so the DOM can parse it which allows your browser to render the pretty views you get and I could just disable JavaScript to stop you removing the IP...
True, but as you can see the page will be encrypted with a javascript code. What do you think if you disable javascript? Exactly, the javascript code will nog be decrypted to the source. And yes, you still can't see the ip ;)
-
Re: Little tool to protect your client ip
Thanks man! There are of course always other ways to find out, but this definitely makes your hotel show-off-11-year-old-noob-hacker proof ;P
-
Re: Little tool to protect your client ip
Editing the bytecode would be better.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Miquos
Thanks man! There are of course always other ways to find out, but this definitely makes your hotel show-off-11-year-old-noob-hacker proof ;P
Haha, but this is just the last edit to protect your ip if you already did the good ip protect shit with cloudflare or vpn.
-
Re: Little tool to protect your client ip
Why not make it so if Javascript is disabled, the whole page wont even load.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
MikeDavies
Why not make it so if Javascript is disabled, the whole page wont even load.
Basically that is already in this script, if you installed ioncube. If you don't installed it, it will return a page without content or anything. It will only say: 'Javascript must be enabled to load the page'. Something like that.
I made a client ip protect too with a php script what checks if javascript is enabled or disabled. Works great too. Will probably release it soon.
-
Re: Little tool to protect your client ip
There are many ways to hide the server ip;
1) Setup Proxy with IPTABLES/Windows Firewall.
2) Hide it in external_variables
3) Encode your client.php
But nobody can escape the netstat command =).
There must be a connection established with the server or the proxy.
--
Hiding the ip is not possible.
Thanks for sharing this btw.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Mister. M
There are many ways to hide the server ip;
1) Setup Proxy with IPTABLES/Windows Firewall.
2) Hide it in external_variables
3) Encode your client.php
But nobody can escape the netstat command =).
There must be a connection established with the server or the proxy.
--
Hiding the ip is not possible.
Thanks for sharing this btw.
If you would use proxy, vpn or cloudflare, you can't see the real ip either.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
PremiumEye
Basically that is already in this script, if you installed ioncube. If you don't installed it, it will return a page without content or anything. It will only say: 'Javascript must be enabled to load the page'. Something like that.
I made a client ip protect too with a php script what checks if javascript is enabled or disabled. Works great too. Will probably release it soon.
I was not having a go, I have not checked this out and was just throwing our suggestions!
Best way to hide an IP; Get a reverse proxy.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
MikeDavies
I was not having a go, I have not checked this out and was just throwing our suggestions!
Best way to hide an IP; Get a reverse proxy.
Easy.. Everybody does say that. I do really know that. This only a kind of addon to hide your ip IN YOU CMS. No cmd or something...
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
PremiumEye
If you would use proxy, vpn or cloudflare, you can't see the real ip either.
If i flood the VPN/proxy and it redirects to your Emulator... Or i attack directly.. Whats the point/diffrence?
It goes to the same address.. If i attack the VPN with 1 Gb/s it will even redirect it to the destination (emulator server).
.... I don't see the point to hide my IP's.. Very stupid..
But once again, thanks! For sharing this..
--
Mikey
-
Re: Little tool to protect your client ip
Stop being cheap and buy DDoS mitigation/TCP proxy. lol
If you can't spend an extra $10 or so, why run a retro? Just shows you'll be closing by the next month.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Mister. M
If i flood the VPN/proxy and it redirects to your Emulator... Or i attack directly.. Whats the point/diffrence?
It goes to the same address.. If i attack the VPN with 1 Gb/s it will even redirect it to the destination (emulator server).
.... I don't see the point to hide my IP's.. Very stupid..
But once again, thanks! For sharing this..
--
Mikey
thanks, but this is needed in this shit retro community. Everyone is booting each other for no reason. Eh.. Yeah, one reason. Being the best.
If vps redirects to the real ip address, why would everybody buy it if it doesn't make sense ?
Quote:
Originally Posted by
Bow
Stop being cheap and buy DDoS mitigation/TCP proxy. lol
If you can't spend an extra $10 or so, why run a retro? Just shows you'll be closing by the next month.
And why do you tell this? We just discuss about this. Never said I'm cheap or something..
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
PremiumEye
And why do you tell this? We just discuss about this. Never said I'm cheap or something..
Correct, you just don't have money.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
XenoGFX
Correct, you just don't have money.
Damn, you don't know anything about me so fall death or something. Mind your own business.
I'm done with all these annoying people around here who think they know anything and they're badasses. With all these fucking assholes the habbo section here will die because every good developer will leave.
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
PremiumEye
Step 1:
Add this into your client between the header tags:
PHP Code:
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-latest.js"></script>
Ehwm, don't you think one version of jquery is enough?!
-
Re: Little tool to protect your client ip
my client is white o.O whats wrong?
-
Re: Little tool to protect your client ip
Quote:
Originally Posted by
Bifi2000
Ehwm, don't you think one version of jquery is enough?!
Every version contains more or less browsers.
-
Re: Little tool to protect your client ip
Ehm... Have some problems with this tool.
Can you help me?
Add me then at Skype : JamalHD.
-
Re: Little tool to protect your client ip
Uh, I have a problem.
It does not work, nothing happens.
You can share a Client page already encrypted?
Thank you.
Uh, I have a problem.
It does not work, nothing happens.
You can share a Client page already encrypted?
Thank you.
-
Re: Little tool to protect your client ip
I'm surprised no one has really elaborated this, there is NO REAL WAY to hide your server IP address.. It's just not possible, some how hackers/attackers will be able to find your IP! All these methods are just small barriers to 'help' protect you, but there's always ways over those barriers. The only way to protect those barriers is if there were breached is things like "DDoS Hardware, uplinks, reverse proxy's, etc..", which acts as the bouncer or security guard for the server (allows the good traffic and blocks/rejects the bad traffic) - So for all the kids out there, there is no real way to protect your hotels! I'm sorry to break it to you this way!
-
Re: Little tool to protect your client ip
Handy tutorial/release. It'll come in handy for many of the newer people to retros and development. :thumbup:
-
Re: Little tool to protect your client ip
Thanks, but yea, i don't need this at all. Actually, when i check hotels and see they have protection in their client, it just makes me wanna ddos them. :/ Cheap solutions don't work well, buy a ddos proxy ;)
-
Re: Little tool to protect your client ip
This won't hide your frontend source code.
You can always inspect elements, or use Javascript Console to debug and you have the page source code.
-
Re: Little tool to protect your client ip
i'll give a fuck at my source code... all i just want is to hide my ip.... with this "small barriers" ^.^
So my client is white when i follow the "instructions" ;S