Como proteger um plugin premium do WordPress contra distribuição ilegal – hackers

Quais as maneira conhecidas para proteção de plugins premium, contra uso irregular? 🤓 🤔

Você quer lançar um plugin pago, o que pode ser feito para prevenir se não dificultar a distribuição ilegal(craqueada) do plugin?

Técnicas como chamadas para um servidor remoto para verificação da chave/dominio do plugin poderiam dificultar isso. Porém poderiam ser alteradas no código, então invalidando a técnica.

Então, que ideias vocês teriam dentro desse âmbito visando proteger o direito de distribuição do plugin.

(404 Errors) Why are hackers looking for directories named “/najwutoanfga/” and other 10-12 char strings of random letters?

I was looking through the 404 errors of my nginx logs today to see what the hackers are trying to do on my website.

I usued this command:

cat access.log | grep '404' 

I saw the usual requests for directories like “/admin.”, “/backup/”, or “/private/” but I also see a few requests like these:

"GET /yatjgmatiak/ HTTP/1.1"  "GET /gkjasdhytkaf/ HTTP/1.1"  "GET /ukaewlinfsda/ HTTP/1.1"  "GET /vankhasgeskl/ HTTP/1.1" 

There aren’t that many of them (only about 50 total requests) so if it were a brute force attempt at trying to find an admin panel, it would be a poor one.

What do you think these hackers are looking for or trying to do?

Does Lawful Interception of 4G / the proposed 5G provide a back door for hackers as well?

A common saying among people in the field of cryptography and security is that when providing a back door to law enforcement, you also provide a back door for hackers.

I was trying to examine the implementation of Lawful Interception from 4G and the proposed implementation in 5G and to me it looks secure. The only way for a hacker to gain information that they shouldn’t would be if they knew the private key of the base station.

If we assume that the private key of the base station is secure, what could a hacker do that they could not have done without Lawful Interception being implemented?

Is my credit card information “wide open to hackers” without VPN?

I saw an ad for a vpn provider recently where they claimed that, without using a vpn, my credit card information is “wide open to hackers” while shopping on-line. I guess the implication here was that vpns are encrypted, while regular connections are not. However, isn’t https encrypted, and therefore safe to use without vpn? And aren’t on-line stores required to use https or other forms of secure payment?

Would a VPN prevent hackers from gaining access to my network if already breached?

Hypothetically, if someone had access illegally to your network, wireless, or the alike. If you setup a VPN, would that stop the hacker from being able to see everything that you do or would him having prior access to the network trump the VPN setup?

Also, if I do setup a VPN, what protections does it give me as far as keeping people from accessing my email, what I do online, being able to convos through our phones, etc?

As an added security, is the general consensus to use something like a Tor browser or setup (not sure what the technical terms are) along with using a VPN?

Basically, I just want to take steps to the point of overkill to protect my network and any device that is using it as well.

If we are allowing anonymous users to register inside our web site, how we can prevent hackers from occupying others’ email address

I am planning to start a new core MVC web application. One of the features we are having is that anonymous users can register inside our web application by entering their email addresses. then our system will send them a confirmation email, to activate their accounts.

Now by default the system will show error message, in-case a user try to register using existing email address, even if the existing email address was not confirmed. now this will pose a major problem in our system, is that hackers can use others’ email addressees, and prevent them from registering inside our web application. Our web application is a CRM-like for real estate companies, and hackers can try to add as many email addresses has they want, they can get these email addresses from the companies’ web sites such as info@.., contact@..., admin@.. , etc. So is there any problem if I do the following modifications:-

  1. If the user did not confirm the email address in 1 hour, then the system will automatically remove his email address?
  2. When I want to check if an email address is unique to check only the approved email addresses.