Posts by ionCube

    Hi all


    Just wanted to clarify confusion about the ionCube Loader extension. If the extension shows up in phpinfo then it is installed.


    ionCube 24 is a related and exciting new service that currently offers FREE intrusion protection by using the ionCube Loader's ability to block unexpected code in real time before it executes and can cause any damage. Without ionCube 24 enabled, if your site has a remote file upload vulnerability, as many do from poor PHP coding and/or faulty web server configuration leaving it vulnerable to steganographic attacks (e.g. PHP malware hidden in jpeg EXIF tags), you're at risk of website defacement or malware being planted. If your server has a root exploit opportunity, and several on Linux tend to get found each year, the PHP malware may easily achieve full server compromise. A vulnerability scanner could be used to identify how an attacker targeted a system but cannot prevent it, and reinstalling the server from scratch is the only safe course of action if vulnerable because even if things appear to be fine, this could be because the tools you use to look at the system are themselves compromised; e.g. consider the impact if Unix 'ls', 'rpm', and 'gcc' were modified to behave differently.


    Rather than trying to find vulnerabilities, ionCube24 focusses on preventing damage by using knowledge of which files are trusted and the Loader's ability to block any other files or those that are changed before they execute. Through a control panel and other mechanisms, you can specify files that should be trusted, and there is flexible control over things at all times. If a file is blocked you can receive immediate alerts via email and through the real-time web interface. The security protection is the first service introduced in ionCube 24, but others are following. Being disabled is the default state and signing up and activating is optional, but if server security matters to you (which we think it should, and we're obsessively passionate about it, hence creating the service), we recommend taking a look.


    Hope this helps and clarifies
    ionCube team