Zend Encoder bad for the internet

Like many hosting companies (although many won’t admit it), we regularly see our customers’ accounts compromised. 99% of the time this is because they were running a 3rd party script with a significant security flaw in it. The worst are the 3rd party billing scripts; the people who compromise an account sometimes even leave exact copies of those billing scripts around as back doors, that’s how bad they are.

So, in addition to constantly asking/reminding customers to upgrade the scripts they run (phpbb…) and to verify that all files are theirs, we often look for “signatures” in scripts: things that show up frequently in the backdoor scripts that are left around. These signatures have changed over the years, but now the hackers are actually using Zend Encoder to hide some of the files.

It was already bad enough with Zend-encoded stuff that we couldn’t help customers troubleshoot or improve performance on scripts, but now we can’t even tell if a script is legit or not. Since many “developers” (I use that word lightly, since these are people who can’t even figure out how to install a simple script without having to chmod 777 the entire webroot) do the complete install, our customers often don’t know what files are supposed to be there. So the hackers drop in an encoded Zend file and pretty much get free rein from then on, and are only detected when they do something bad enough that the customer notices (the site being defaced or whatever). This is especially bad on shared servers, since almost everyone has some script installed that says “YOU HAVE TO CHMOD 777 EVERYTHING FOR THIS TO WORK” or whatever.

I hope that people come to realize that using encoded software is bad for them in the long run, just as most DRM-related software is.
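As an added example (not code from the original post), this is the kind of check a hosting admin can run over a customer’s webroot to flag the two problems described above: files that start with the Zend Encoder stub marker, which cannot be reviewed for back doors, and world-writable paths left behind by the “chmod 777 everything” habit. The marker string and the sample tree are assumptions constructed for the demonstration, not real customer data.

```python
import os
import stat
import tempfile

# Marker at the start of a Zend Encoder / Zend Guard encoded PHP file (assumption:
# the marker seen in such files; adjust if your copies differ). The real source
# is not present in the file, so nothing after the marker can be reviewed.
ZEND_MARKER = b"<?php @Zend;"

def is_zend_encoded(path):
    """Return True if the file starts with the Zend encoded-file marker."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(ZEND_MARKER) + 16)
    except OSError:
        return False
    return head.lstrip().startswith(ZEND_MARKER)

def is_world_writable(path):
    """Return True if 'others' have write permission (chmod 777 territory)."""
    return bool(os.lstat(path).st_mode & stat.S_IWOTH)

def scan_webroot(root):
    """Walk a webroot and report files that cannot be reviewed (encoded) and
    paths that any other user on a shared server could modify (world-writable)."""
    findings = {"encoded": [], "world_writable": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if is_world_writable(full):
                findings["world_writable"].append(full)
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.endswith(".php") and is_zend_encoded(full):
                findings["encoded"].append(full)
    return findings

def build_sample_webroot():
    """Constructed sample tree for the demonstration: one plain PHP file,
    one encoded-looking file inside a directory that was chmod 777'd."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "billing"))
    with open(os.path.join(root, "index.php"), "wb") as fh:
        fh.write(b"<?php echo 'hello'; ?>\n")
    os.chmod(os.path.join(root, "index.php"), 0o644)
    with open(os.path.join(root, "billing", "license.php"), "wb") as fh:
        fh.write(ZEND_MARKER + b"\n3000;\n\x00\x01\x02 opaque encoded body")
    os.chmod(os.path.join(root, "billing"), 0o777)
    return root
```

Run `scan_webroot("/path/to/customer/webroot")` on a real account; anything under `encoded` needs to be confirmed with the customer as a file they installed, and anything under `world_writable` should lose the write bit for others.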

2 Responses to “Zend Encoder bad for the internet”

  1. I think the fact that we are unable to help with script issues is a more major issue. I have customers who contact me and say “my site is slow” and I have to tell them, well, your script is encrypted (make sure to use encrypted, not encoded lest they tell you to decode it :P) and there is nothing I can do for them. More frustrating is when I see a MySQL query that takes, say, 30 seconds to execute and is degrading performance badly and I KNOW how to fix it but am unable to because that query is encoded in the script.
    And, yes, I even had one guy who insisted that in order for his script to function he needed root access on the MySQL server (oh, but he told me, it will work if you just create a new global account with full privileges, it doesn’t actually have to be the root account — yeah, sure, just hang on 2 seconds).
    Oh well, never underestimate the stupidity of people.

  2. [...] Zend Encoder is bad for the internet. Just trying to spread the word. [...]