Little tool to protect your client ip

Hey guys!
I heard some people complaining about they can't remove their client ip out of the client source. I have a quite good solution for you. Eh.. I mean, 2 solutions.

First thing you have to know.
I think you know people can see your client ip by inspect elements or view-source:http:yourhotel.com. For both I have a solution.

Protection view-source
This is not a very simple one. You need to install an ioncube loader. This avoids people can see the source in view-source. Ehm.. they can see the source but it's encrypted. So.. your ip too.

After you installed ioncube successful you need to place this file somewhere in a reachable directory to include.

Add this rule code at the top of your client source:

PHP Code:

---

include("path to file/html_encoder_1.9.php"); 


---

It should encrypt your source now in view-source.

Protection inspect elements
This is the simple one. You need to follow some steps. We're going to work with jQuery. My best friend :D:. (Javascript too)

Download this files and place them in a directory. (Change this link in the script src link!)

Step 1:
Add this into your client between the header tags:

PHP Code:

---

<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-latest.js"></script> 


---

Step 2:
Add a class called 'information' in a script tag what inside looks like this:

PHP Code:

---

FlashExternalInterface.loginLogEnabled = true;

    FlashExternalInterface.logLoginStep("web.view.start");

    if (top == self) {
        FlashHabboClient.cacheCheck();
    }


    var habboReqPath = "";

    var BaseUrl = "";

    var flashvars = {
        "client.starting" : "", 
        "client.allow.cross.domain" : "1", 
        "client.notify.cross.domain" : "1", 
        "client.hotel_view.show_on_startup" : "1",
        "site.url" : "", 
        "url.prefix" : "",
        "client.reload.url" : "", 
        "client.reload.url" : "", 
        "client.fatal.error.url" : "", 
        "client.connection.failed.url" : "",  
        "connection.info.host" : "",
        "connection.info.port" : "",
        "external.variables.txt" : "",
        "external.texts.txt" : "",
        "productdata.load.url" : "",
        "furnidata.load.url" : "",
        "use.sso.ticket" : "1", 
        "sso.ticket" : "",
        "processlog.enabled" : "1",
        "flash.client.url" : "",
        "flash.client.origin" : "popup",
    };

    var params = {

        "base" : "",
        "allowScriptAccess" : "always",
        "menu" : "false"                

    }; 


---

What will look like this:

PHP Code:

---

<script type="text/javascript" class="information"> 


---

Step 3:
Add above '<script type="text/javascript" class="information">' this code:

PHP Code:

---

<script class="information">
$(document).ready(function(){
    $('.information').remove();
});
</script> 


---

What will look like this:

PHP Code:

---

<script class="information">
$(document).ready(function(){
    $('.information').remove();
});
</script>

<script type="text/javascript" class="information"> 


---

Step 4:
Enjoying your safe hotel :D

Does this release not work for you? You did something wrong. This is not the help section. I'm not going to answer questions about this release here.

Greets.

p.s. Like if you like :D:

Gonna try this when my VPS gets back online, people keep coming on my hotel " hide your ip " lmfao, thanks for this.

Quote:

---

Originally Posted by ParadiseRel

Gonna try this when my VPS gets back online, people keep coming on my hotel " hide your ip " lmfao, thanks for this.

---

Use cloudflare.

Download keeps failing?

Working good for me?

It just keeps reloading the media fire thing. Could you upload on uppit?

not gonna test this but does the inspect element one just remove right click?

Quote:

---

Originally Posted by Find

not gonna test this but does the inspect element one just remove right click?

---

No it also makes your code if someone uses view-source look like a bunch of gibberish. Becomes encrypted.

Works like a charm :love:

Wouldn't encrypting the source disable the ability to inspect elements? If not, pretty good idea with removing the scripts once the page has loaded. :P:

I'm not sure exactly how this works as I have yet to get it working. The download link just refreshes when i click download on media fire on any computer. I will give details on it when I have it working and show a live demo. Thnx :)

Just one thing, should i name it class.information.php or just information? Cuz i removed class. :P:

For phoenix, simply encrypt it in your habbo.swf :)

Not working at all for me. Installed the first part step my step, doesn't work.

You can still packet-sniff though.

everyone with a normal brain can use wireshark to get your ip

Quote:

---

Originally Posted by n0minal

Wouldn't encrypting the source disable the ability to inspect elements? If not, pretty good idea with removing the scripts once the page has loaded. :P:

---

True but if you open inspect elements on an other page and you're browsing to the client, it still shows the source.

Quote:

---

Originally Posted by Davidaap

everyone with a normal brain can use wireshark to get your ip

---

Everyone with a normal brain can also protect himself to people who want the ip. :)

Don't even need wireshark or 'packet sniffing'

netstat -p ;3

Quote:

---

Originally Posted by PremiumEye

Everyone with a normal brain can also protect himself to people who want the ip. :)

---

Tell me, How are you going to 'protect' your Ip from packet sniffing, Wireshark or netstat like Fullmetal said ? :)

Quote:

---

Originally Posted by FullmetalPride

Don't even need wireshark or 'packet sniffing'

netstat -p ;3

---

Every one with a normal brain uses a DNS ;3

Quote:

---

Originally Posted by Prizm

Every one with a normal brain uses a DNS ;3

---

..Name server? How's that going to protect you.

I find encrypting HTML using JavaScript to be childish and demonstrates that you're incapable of solving the issues you have with whoever is attacking you (I assume this is the reason why people "hide their IP").

Honestly. This trend is very unneeded. There's no reason to hide away a server's IP address.

Quote:

---

Originally Posted by Funixeh

I find encrypting HTML using JavaScript to be childish and demonstrates that you're incapable of solving the issues you have with whoever is attacking you (I assume this is the reason why people "hide their IP").

Honestly. This trend is very unneeded. There's no reason to hide away a server's IP address.

---

I think it's those whom send unorthodox traffic to top (and in some cases - small) retros 'for tha lulz' who have the problem. It's how low the community and the internet have become.

I think it is a good idea - not only will it keep your IP address from others, it might help to prevent direct rips of a website.

Quote:

---

Originally Posted by Funixeh

I find encrypting HTML using JavaScript to be childish and demonstrates that you're incapable of solving the issues you have with whoever is attacking you (I assume this is the reason why people "hide their IP").

Honestly. This trend is very unneeded. There's no reason to hide away a server's IP address.

---

I'm not gonna lie, about a year ago I used a different method to hide my IP in the client and I must say, it stopped about 90% of attacks. If these kids are so dumb and desperate to attack a hotel, they're probably not intelligent enough to even know how TCP/Networking works. Therefore wouldn't know about netstat, packetlogging or viewing active connections etc..

I do too wish we would get out of this childish phase of booting and attacking each other. I remember a time when getting DDoS'd was the least of your worries, it was your server crashing over night *cough* holograph.

Quote:

---

Originally Posted by Davidaap

Tell me, How are you going to 'protect' your Ip from packet sniffing, Wireshark or netstat like Fullmetal said ? :)

---

Hmm, let me think. Are we talking about vps ip or pc/router ip?

Quote:

---

Originally Posted by Funixeh

Honestly. This trend is very unneeded. There's no reason to hide away a server's IP address.

---

Look at what this community became. It's a kind of war know. This is one of the best solutions to protect your ip of the client and direct rips. Everyone wants to be the best.

The best solution would to be develop some kind of e-herpes, which all e-peen obsessed mongs could catch and be infected with.
People on most places seem to think theyre top dog of retros because they succesfully closed a hotel for 15 minutes with their $5 booter from hackforums.
When the retro community is back to how it use to be, like matthew said when all you have to worry about is server crashing over night(which use to be a right pain in the arse), someone please do find me and tell me its safe to come back.

If you want to protect your ip go to x4b.org and use cloudflare and its all fine, x4b sells proxy ips :)
Just replace the sentence you get with the connection.info.host: ip to the sentence you get :)

Well, i think that this is an usually tool, thanks.

Encrypting HTML is pointless it has to be decrypted so the DOM can parse it which allows your browser to render the pretty views you get and I could just disable JavaScript to stop you removing the IP...


Sent from my iPhone using Tapatalk 2

Just press F12 and it shows this:

Code:

---

client.allow.cross.domain=1&client.notify.cross.domain=1&connection.info.host=habcityrp.com&connection.info.port=30000&site.url=http://en.habcityrp.com&url.prefix=http://en.habcityrp.com&client.reload.url=http://en.habcityrp.com&client.fatal.error.url=http://en.habcityrp.com/client&client.connection.failed.url=http://en.habcityrp.com/client&external.variables.txt=http://en.habcityrp.com/swf/external_variables.php&external.texts.txt=http://en.habcityrp.com/swf/external_flash_texts.php&productdata.load.url=http://en.habcityrp.com/swf/productdata.php&furnidata.load.url=http://en.habcityrp.com/swf/furnidata.php&use.sso.ticket=1&sso.ticket=X6JKVdTWs9&processlog.enabled=1&account_id=19927505&client.starting=HabCity is starting up.&flash.client.url=http://en.habcityrp.com/client&user.hash=fba7b60b15f0b26aa5b56b8f378a0b1b4092ed23&flash.client.origin=popup

---

in

Code:

---

<object type="application/x-shockwave-flash"

---

Quote:

---

Originally Posted by Divide

Just press F12 and it shows this:

Code:

---

client.allow.cross.domain=1&client.notify.cross.domain=1&connection.info.host=habcityrp.com&connection.info.port=30000&site.url=http://en.habcityrp.com&url.prefix=http://en.habcityrp.com&client.reload.url=http://en.habcityrp.com&client.fatal.error.url=http://en.habcityrp.com/client&client.connection.failed.url=http://en.habcityrp.com/client&external.variables.txt=http://en.habcityrp.com/swf/external_variables.php&external.texts.txt=http://en.habcityrp.com/swf/external_flash_texts.php&productdata.load.url=http://en.habcityrp.com/swf/productdata.php&furnidata.load.url=http://en.habcityrp.com/swf/furnidata.php&use.sso.ticket=1&sso.ticket=X6JKVdTWs9&processlog.enabled=1&account_id=19927505&client.starting=HabCity is starting up.&flash.client.url=http://en.habcityrp.com/client&user.hash=fba7b60b15f0b26aa5b56b8f378a0b1b4092ed23&flash.client.origin=popup

---

---

You didn't installed the encoder.

Verstuurd van mijn GT-I9000 met Tapatalk

Quote:

---

Originally Posted by Jordan

Encrypting HTML is pointless it has to be decrypted so the DOM can parse it which allows your browser to render the pretty views you get and I could just disable JavaScript to stop you removing the IP...


Sent from my iPhone using Tapatalk 2

---

Yeah, true. But there are still more ways to protect it :)

Quote:

---

Originally Posted by PremiumEye

You didn't installed the encoder.

Verstuurd van mijn GT-I9000 met Tapatalk

---

Err I did :L You didn't code it good?
Let me show it for your hotel (febbo.nl)

Code:

---

connection.info.host=85.214.48.92&connection.info.port=30000&external.variables.txt=http://febbo.nl/storm/external_variables.php&external.texts.txt=http://febbo.nl/storm/external_flash_texts.php?username=Bennn123&productdata.load.url=http://febbo.nl/storm/productdata.txt&furnidata.load.url=http://febbo.nl/storm/furnidata.txt?v=489&use.sso.ticket=1&sso.ticket=ST-117358-7943373632-6266065184-otaku-9&processlog.enabled=1&flash.client.url=http://febbo.nl/storm/&flash.client.origin=popup

---

Quote:

---

Originally Posted by Divide

Err I did :L You didn't code it good?
Let me show it for your hotel (febbo.nl)

Code:

---

connection.info.host=85.214.48.92&connection.info.port=30000&external.variables.txt=http://febbo.nl/storm/external_variables.php&external.texts.txt=http://febbo.nl/storm/external_flash_texts.php?username=Bennn123&productdata.load.url=http://febbo.nl/storm/productdata.txt&furnidata.load.url=http://febbo.nl/storm/furnidata.txt?v=489&use.sso.ticket=1&sso.ticket=ST-117358-7943373632-6266065184-otaku-9&processlog.enabled=1&flash.client.url=http://febbo.nl/storm/&flash.client.origin=popup

---

---

You disabled javascript in your browser.
True, I didn't add better protection to this in my client. Will start at that soon

Verstuurd van mijn GT-I9000 met Tapatalk

Quote:

---

Originally Posted by PremiumEye

You disabled javascript in your browser.
True, I didn't add better protection to this in my client. Will start at that soon

Verstuurd van mijn GT-I9000 met Tapatalk

---

What the hell, I have done nothing in my browser. Your just bad at this things. You can never hide the IP!

Quote:

---

Originally Posted by Divide

What the hell, I have done nothing in my browser. Your just bad at this things. You can never hide the IP!

---

Bad at this things? Haha, I'm the first one who came with this. For much people this worked fine. You're just bad at this things to install.
And your last sentence is bullshit. What do you think of cloudflare, proxy, domain/ip server replace?

Yep,

Netstat with cmd and you have the IP ;-) use Anti-Ddos proxy if you want protect your hotel its cheap.

Quote:

---

Originally Posted by TimNL

Yep,

Netstat with cmd and you have the IP ;-) use Anti-Ddos proxy if you want protect your hotel its cheap.

---

Or use anti ddos hardware costs 3K very cheap.

You can always use a proxy with DDOS protection, so you won't need to hide the IP? :-)

This script won't hide your IP totally, you can easily find the IP with wireshark etc.

Quote:

---

Originally Posted by pLEDGE

You can always use a proxy with DDOS protection, so you won't need to hide the IP? :-)

This script won't hide your IP totally, you can easily find the IP with wireshark etc.

---

Agreed but it can help much people.

It's Work. Thank for this ;)

Quote:

---

Originally Posted by Jordan

Encrypting HTML is pointless it has to be decrypted so the DOM can parse it which allows your browser to render the pretty views you get and I could just disable JavaScript to stop you removing the IP...

---

True, but as you can see the page will be encrypted with a javascript code. What do you think if you disable javascript? Exactly, the javascript code will nog be decrypted to the source. And yes, you still can't see the ip ;)

Thanks man! There are of course always other ways to find out, but this definitely makes your hotel show-off-11-year-old-noob-hacker proof ;P

Editing the bytecode would be better.

Quote:

---

Originally Posted by Miquos

Thanks man! There are of course always other ways to find out, but this definitely makes your hotel show-off-11-year-old-noob-hacker proof ;P

---

Haha, but this is just the last edit to protect your ip if you already did the good ip protect shit with cloudflare or vpn.

Why not make it so if Javascript is disabled, the whole page wont even load.

Quote:

---

Originally Posted by MikeDavies

Why not make it so if Javascript is disabled, the whole page wont even load.

---

Basically that is already in this script, if you installed ioncube. If you don't installed it, it will return a page without content or anything. It will only say: 'Javascript must be enabled to load the page'. Something like that.

I made a client ip protect too with a php script what checks if javascript is enabled or disabled. Works great too. Will probably release it soon.

There are many ways to hide the server ip;
1) Setup Proxy with IPTABLES/Windows Firewall.
2) Hide it in external_variables
3) Encode your client.php

But nobody can escape the netstat command =).
There must be a connection established with the server or the proxy.

--
Hiding the ip is not possible.
Thanks for sharing this btw.

Quote:

---

Originally Posted by Mister. M

There are many ways to hide the server ip;
1) Setup Proxy with IPTABLES/Windows Firewall.
2) Hide it in external_variables
3) Encode your client.php

But nobody can escape the netstat command =).
There must be a connection established with the server or the proxy.

--
Hiding the ip is not possible.
Thanks for sharing this btw.

---

If you would use proxy, vpn or cloudflare, you can't see the real ip either.

Quote:

---

Originally Posted by PremiumEye

Basically that is already in this script, if you installed ioncube. If you don't installed it, it will return a page without content or anything. It will only say: 'Javascript must be enabled to load the page'. Something like that.

I made a client ip protect too with a php script what checks if javascript is enabled or disabled. Works great too. Will probably release it soon.

---

I was not having a go, I have not checked this out and was just throwing our suggestions!

Best way to hide an IP; Get a reverse proxy.

Quote:

---

Originally Posted by MikeDavies

I was not having a go, I have not checked this out and was just throwing our suggestions!

Best way to hide an IP; Get a reverse proxy.

---

Easy.. Everybody does say that. I do really know that. This only a kind of addon to hide your ip IN YOU CMS. No cmd or something...

Quote:

---

Originally Posted by PremiumEye

If you would use proxy, vpn or cloudflare, you can't see the real ip either.

---

If i flood the VPN/proxy and it redirects to your Emulator... Or i attack directly.. Whats the point/diffrence?
It goes to the same address.. If i attack the VPN with 1 Gb/s it will even redirect it to the destination (emulator server).

.... I don't see the point to hide my IP's.. Very stupid..

But once again, thanks! For sharing this..

--
Mikey

Stop being cheap and buy DDoS mitigation/TCP proxy. lol

If you can't spend an extra $10 or so, why run a retro? Just shows you'll be closing by the next month.

Quote:

---

Originally Posted by Mister. M

If i flood the VPN/proxy and it redirects to your Emulator... Or i attack directly.. Whats the point/diffrence?
It goes to the same address.. If i attack the VPN with 1 Gb/s it will even redirect it to the destination (emulator server).

.... I don't see the point to hide my IP's.. Very stupid..

But once again, thanks! For sharing this..

--
Mikey

---

thanks, but this is needed in this shit retro community. Everyone is booting each other for no reason. Eh.. Yeah, one reason. Being the best.

If vps redirects to the real ip address, why would everybody buy it if it doesn't make sense ?

Quote:

---

Originally Posted by Bow

Stop being cheap and buy DDoS mitigation/TCP proxy. lol

If you can't spend an extra $10 or so, why run a retro? Just shows you'll be closing by the next month.

---

And why do you tell this? We just discuss about this. Never said I'm cheap or something..

Quote:

---

Originally Posted by PremiumEye

And why do you tell this? We just discuss about this. Never said I'm cheap or something..

---

Correct, you just don't have money.

Quote:

---

Originally Posted by XenoGFX

Correct, you just don't have money.

---

Damn, you don't know anything about me so fall death or something. Mind your own business.

I'm done with all these annoying people around here who think they know anything and they're badasses. With all these fucking assholes the habbo section here will die because every good developer will leave.

Quote:

---

Originally Posted by PremiumEye

Step 1:
Add this into your client between the header tags:

PHP Code:

---

<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://link.com/pathtofile/jQuery/jquery-latest.js"></script> 


---

---

Ehwm, don't you think one version of jquery is enough?!

my client is white o.O whats wrong?

Quote:

---

Originally Posted by Bifi2000

Ehwm, don't you think one version of jquery is enough?!

---

Every version contains more or less browsers.

Ehm... Have some problems with this tool.

Can you help me?

Add me then at Skype : JamalHD.

Uh, I have a problem.
It does not work, nothing happens.
You can share a Client page already encrypted?
Thank you.

Uh, I have a problem.
It does not work, nothing happens.
You can share a Client page already encrypted?
Thank you.

I'm surprised no one has really elaborated this, there is NO REAL WAY to hide your server IP address.. It's just not possible, some how hackers/attackers will be able to find your IP! All these methods are just small barriers to 'help' protect you, but there's always ways over those barriers. The only way to protect those barriers is if there were breached is things like "DDoS Hardware, uplinks, reverse proxy's, etc..", which acts as the bouncer or security guard for the server (allows the good traffic and blocks/rejects the bad traffic) - So for all the kids out there, there is no real way to protect your hotels! I'm sorry to break it to you this way!

Handy tutorial/release. It'll come in handy for many of the newer people to retros and development. :thumbup:

Thanks, but yea, i don't need this at all. Actually, when i check hotels and see they have protection in their client, it just makes me wanna ddos them. :/ Cheap solutions don't work well, buy a ddos proxy ;)

This won't hide your frontend source code.

You can always inspect elements, or use Javascript Console to debug and you have the page source code.

i'll give a fuck at my source code... all i just want is to hide my ip.... with this "small barriers" ^.^

So my client is white when i follow the "instructions" ;S