Mod developers, Please DONT use Base64 to encrypt!

I just purchased my first mod that has Base64 encryption in it. And was promptly quick fired 8 emails, got locked out of my FTP account, and had my site flagged and blocked SIMPLY by trying to install Datelys' GeoDistance, because he apparently encrypted files with base64_decode(rawurldecode). The malware scan reports them as malware even if they are not 'just' because malware is usually encoded this way, while the more professional way is with ioncube or zend. I understand Base64 is cheaper, but its just not a free range anymore. Hosts are cracking down on stuff like this!

And after a google search, I have found that MORE and more hosts are responding this exact way!

----------------------------------------

Unknown Bytes complete FAILED! :The file you uploaded, GeoDistance_1.0.0_7.1.x.zip, contains a virus so the upload was canceled: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND

----------------------------------------

"As a part of A2 Hosting Perpetual Security, we detected that someone logged into your FTP account at 03/15/15 02:11 and uploaded a file with potentially damaging content to /home/***/public_html/***/modules/Dately/geodistance/classes/DatelyGeoDModule.php.

The good news is, we have already taken action to stop further harm to your account! Unfortunately, this includes flagging your site as possibly hostile, changing the password for the account and disrupting traffic to your site. Also, we may investigate any files involved and remove them automatically if needed. Please let us know if you wish to review the files beforehand."

Wow seems like you need to change hosts.. LOL.. I have that module as well.. Not much use for it any more but I never got any of that with http://www.zarconia.net/

I hear ya. But honestly, My host isn't the problem. As I said, do a Google search, and you will find more and more hosts doing their version of protection against base64 encrypted files. 

This prevents call-backs, tracking, etc.

The problem is this antiquated method of encryption that is being used more by malicious script kiddies, then legitimate developers. Even though its core PHP, it's still past it's prime. :(

I told you i will rewrite the one code line not using base64 so you can upload it. Only one with some math in it I have encoded so the rest of the mod can be freely customized by everybody.

Its totally legitimate to use base64 but its not ok to block it without you cannot whitelist manually. If they refuse to support all php code then you really should switch, i never heard of such troubles, maybe only with such providers want to secure their system so they have not much trouble later with viruses etc. (Shared Hoster). You get what you pay for.

I wonder how dolphin can run on this server, its using the same routine to protect the license stuff. Why this is not being blocked? Strange

Oh and by the way the encryption in one codeline is in there because i had enough dealing with support question for around 200 people while i only sold 20 of this mod in the beginning. I also found my calculation 1:1 in another software. Any other solution than the one using pure php commands cannot be guaranteed to run on every provider so there is only this solution everybody uses i think. If somebody knows another one let me know.

My code is not totally encrypted like some other modules, its only one line of code with some mathematical functions.

This field normally is used to inform the customer that he can modify the code or not. So its how i understand it. Its not meant to tell people this or that php command might being used. Because it makes no sense to modify the calculation i call it not encrypted. Just because sin() * tan() * cosin() / pi * 0,36 cannot be seen using base64? Nor really or?

Dolphin itself also uses base64 in a couple of locations.

 Then it's used in a way that's not triggering scanners.

{HEX}gzbase64.inject.unclassed.15.UNOFFICIAL 

 
It triggers scanners from time to time. There are a few reports in the forums. It occurs once in a while.

Sounds like they're using CXS or some other software and leaving it at the defaults. If we followed all the recommendations from ConfigServer, we'd only be able to run a static HTML site. This problem is very much with the hosts and scanners not being intelligent about this, and instead blanket-banning based on results and not researching what an option does before blindly turning it on.

You should contact your host and tell them that not all base64-encrypted code is bad. I'm sure if you tried to upload a new copy of Dolphin right now, it'd trip their scanners.