As the title says this is the Ugly truth about nulled themes/plugins/scripts or what greedy developers hide from you.
We all hear or read that nulled scripts are full of viruses, backdoors and so on. Here's a quote from a plugin developer
Apparently fear of viruses and backdoors infiltrated so deep in everyone's mind that nulled is always associated with virus.
SO WRONG!!
What "nulled" actually mean?
Nulled mean equaled with null, zeroed and it refers to communication mechanism between the script and licensing server being zeroed or removed.
Why is it necessary?
Developers want to control the spread of their scripts and make sure no one uses it without paying. Pretty hard task though. So they come with protection mechanism like licensing, auto-deletion, auto-removal and even backdoors that allows them access to sites that they consider having installed their scripts without a license.
While licensing mechanism is relatively inoffensive the others are even worse than hackers trying to access your site. Why? Because of the following 2 reasons:
1 - they don't respect you as future clients and your privacy. I personally wouldn't want to deal with a dev that included a backdoor in his script.
2 - they open holes for hackers for easier access to your server. Developers never thought of that, they only think they can control from distance and all solved. But basically they expose you and their clients to easy hacking.
So why is necessary? Because you want to fully try all the aspects of the script before you put your money on it and without being forced to buy a license and then go trough a painful process of asking for refund. Try before you actually buy.
I often hear this question: "Is it safe to use it on live server?"
Answer does not belong to yes/no group. It depends. It depends on how evil is the developer and how much he wants to hurt so called infringers that didn't buy his script officially.
There are scripts that can be used safely on live servers after nulling. With remote calls to dev server removed they don't have another way of communication.
There are scripts that cannot be used on live servers. Those are the scripts that contains hidden by their own developers tools of remote control.
NO NULLER will thoroughly check an entire script to discover hidden eggs. They will only null communication and that's all. If the communication is 2 way it can be easily discovered and removed so the remote control tools are made useless. If there's also 1 way com from dev to your site hidden somewhere in the code that usually goes unnoticed and it won't be removed.
Well, I cannot post this thread without admitting that there are malevolent third parties that intentionally alter developer's scripts to include above mentioned tools of control.
But here at Babiato we are doing our best to keep everyone safe from third party inclusions. We cannot check thoroughly every script provided but our nulling team is a very responsible one with priority to security of the scripts and our members.
Although we do not endorse the use of nulled scripts on production servers we do encourage "try before you buy" ideology. Why? Because we have seen so many cases of greedy developers that praised their scripts and after they were bought and verified that they don't do what was promoted developers refused to refund.
If you ever download from Babiato a script containing third party remote control code that doesn't appear in original script from developer site please do announce us ASAP so we can eliminate the threat and disrespectful user from our community.
Long story short:
Q: are nulled scripts safe for use?
A: 90% yes but for many It depends from where they were taken of. For others it depends if the developer intentionally added and hide (encoded or not) tools of remote control in his original script.
Bottom line: It is your choice of using nulled scripts or not. We do strongly recommend you that if you like a nulled script you tested and was fit for your needs to buy a legal license from developer to help him/them with future development of the script.
We all hear or read that nulled scripts are full of viruses, backdoors and so on. Here's a quote from a plugin developer
without even mentioning that in most of the cases that malware is added by developers themselves.
Apparently fear of viruses and backdoors infiltrated so deep in everyone's mind that nulled is always associated with virus.
SO WRONG!!
What "nulled" actually mean?
Nulled mean equaled with null, zeroed and it refers to communication mechanism between the script and licensing server being zeroed or removed.
Why is it necessary?
Developers want to control the spread of their scripts and make sure no one uses it without paying. Pretty hard task though. So they come with protection mechanism like licensing, auto-deletion, auto-removal and even backdoors that allows them access to sites that they consider having installed their scripts without a license.
While licensing mechanism is relatively inoffensive the others are even worse than hackers trying to access your site. Why? Because of the following 2 reasons:
1 - they don't respect you as future clients and your privacy. I personally wouldn't want to deal with a dev that included a backdoor in his script.
2 - they open holes for hackers for easier access to your server. Developers never thought of that, they only think they can control from distance and all solved. But basically they expose you and their clients to easy hacking.
So why is necessary? Because you want to fully try all the aspects of the script before you put your money on it and without being forced to buy a license and then go trough a painful process of asking for refund. Try before you actually buy.
I often hear this question: "Is it safe to use it on live server?"
Answer does not belong to yes/no group. It depends. It depends on how evil is the developer and how much he wants to hurt so called infringers that didn't buy his script officially.
There are scripts that can be used safely on live servers after nulling. With remote calls to dev server removed they don't have another way of communication.
There are scripts that cannot be used on live servers. Those are the scripts that contains hidden by their own developers tools of remote control.
NO NULLER will thoroughly check an entire script to discover hidden eggs. They will only null communication and that's all. If the communication is 2 way it can be easily discovered and removed so the remote control tools are made useless. If there's also 1 way com from dev to your site hidden somewhere in the code that usually goes unnoticed and it won't be removed.
Well, I cannot post this thread without admitting that there are malevolent third parties that intentionally alter developer's scripts to include above mentioned tools of control.
But here at Babiato we are doing our best to keep everyone safe from third party inclusions. We cannot check thoroughly every script provided but our nulling team is a very responsible one with priority to security of the scripts and our members.
Although we do not endorse the use of nulled scripts on production servers we do encourage "try before you buy" ideology. Why? Because we have seen so many cases of greedy developers that praised their scripts and after they were bought and verified that they don't do what was promoted developers refused to refund.
If you ever download from Babiato a script containing third party remote control code that doesn't appear in original script from developer site please do announce us ASAP so we can eliminate the threat and disrespectful user from our community.
Long story short:
Q: are nulled scripts safe for use?
A: 90% yes but for many It depends from where they were taken of. For others it depends if the developer intentionally added and hide (encoded or not) tools of remote control in his original script.
Bottom line: It is your choice of using nulled scripts or not. We do strongly recommend you that if you like a nulled script you tested and was fit for your needs to buy a legal license from developer to help him/them with future development of the script.
Last edited by a moderator:
