How to install ionCube loader Published: Mar 19, 2004
  • Rating


Criticism is quickly growing over VeriSign's surprise decision to take control of all unassigned .com and .net domain names, a move that has wreaked havoc on many e-mail utilities and antispam filters.

Criticism is quickly growing over VeriSign's surprise decision to take control of all unassigned .com and .net domain names, a move that has wreaked havoc on many e-mail utilities and antispam filters.

On Monday, VeriSign began to redirect domain lookups for misspelled or nonexistent names to its own site, a process that has confused Internet e-mail utilities and drawn angry denunciations of the company's business practices from frustrated network administrators. The Mountain View, Calif.-based company enjoys a government-granted monopoly as the master database administrator for .com and .net.

VeriSign's new policy is intended to generate more advertising revenue from additional visitors to its network of Web sites. But the change has had the side effect of rewiring a portion of the Internet that software designers always had expected to behave a certain way, snarling antispam mechanisms that check to see if the sender's domain exists, complicating the analysis of network problems, and possibly even polluting search engine results.

A representative for VeriSign did not respond to a request for comment Tuesday. On Monday, VeriSign released an eight-page paper describing the implementation of its "Site Finder" program, saying it "improves the user Web-browsing experience when the user has submitted a query for a nonexistent second-level domain in the .com and .net second-level domains...(Previously) his or her Web browser returned an error message that contained no useful information."

In an unusual kind of grassroots movement, some network administrators have begun to invent and launch technical countermeasures against VeriSign. A discussion thread on the North American Network Operators' Group mailing list was titled "What *are* they smoking?" and offered technical tips on how to configure routers and servers to block access to VeriSign's site, so Web users would receive the traditional "nonexistent domain" error message.

"There are already modifications to BIND software to take responses that contain that VeriSign address and turn it into a nonexistent domain error," Karl Auerbach, a veteran Internet engineer and former board member of the Internet Corporation for Assigned Names and Numbers (ICANN), said about the standard utility used for domain name lookups. "There are also several Internet service provider-type people dealing with routing information who are already talking about blocking (the VeriSign site). I believe some have."

VeriSign is not the first domain-name company to try to profit from typos and errors, but because .com and .net represent such a huge percentage of Internet names, its decisions have the most profound impact. Some of the other top-level domains that have adopted a similar policy include .cc, .museum, .nu, .ph, .tm and .ws. Microsoft's Internet Explorer also returns a similar error message and search box, but because the redirection is performed by the end user's computer, the effect is limited.

[pagebreak title='Verisign's Antispam Foil']

The antispam foil
Yakov Shafranovich, co-chair of the Anti-Spam Research Group organized under the Internet Research Task Force, said some spam blockers are being thrown for a loop, because the computer that VeriSign uses to respond to misspelled or nonexistent domains is misconfigured. The VeriSign software--named the "Snubby Mail Rejector Daemon v1.3"--does not follow Internet standards, Shafranovich said. He also warned the VeriSign change was creating problems--for example, leading some older versions of SpamAssassin to view the entire Internet as a source of spam.

"Some of the antispam tools in our group broke because of this," Shafranovich said. "They put up an SMTP server, but it's not a real SMTP server."

One post to an Internet Engineering Task Force mailing list quipped: "This certainly qualifies as 'most broken SMTP implementation ever.' Will the protocol police please send out a squad car to pick up the suspects?" SMTP stands for the Simple Mail Transport Protocol, the Internet's workhorse standard.

 VeriSign's decision, which was done without consulting the Internet standards groups, came just a few days after the U.S. Federal Trade Commission accused the company of deceptive business practices for sending "domain name expiration notices" to competitors' customers in early 2002.

Neither ICANN, which in principle oversees VeriSign's actions as the domain name registrar, nor the U.S. Department of Commerce, which has a contract with VeriSign, responded to requests for comment.

An ICANN representative said, "We have no comment at this time, but I hope that we'll have something over the next few days."

A representative for the Commerce Department referred questions to ICANN and VeriSign. The government's contract says VeriSign "shall take all reasonable steps to ensure the continued...functionality and accessibility" of the domain name registration system.

Auerbach said he strongly dislikes VeriSign's new policy, but he admits: "ICANN and the Department of Commerce can't clearly say that (VeriSign is) violating Internet standards. It's impossible for Internet standards to enumerate all the dumb things you can do."

Critics say VeriSign's move evokes privacy and national security implications as well. Because passwords sometimes are included after the hostname in Web links, a misspelled domain name could transmit sensitive information to the company. Also, because of the way network providers cache domain name queries, VeriSign's policy means that it will take longer for new domains to propagate--something that could be a problem if a Web site is launched to deliver emergency information about an earthquake or a terrorist attack, for example.

Earlier this year, VeriSign was dealt a harsh rebuke in a similar matter by the highly regarded Internet Architecture Board. Referring to the Domain Name System (DNS), the board's unanimous statement said: "The system VeriSign had deployed for .com and .net contains significant DNS protocol errors, risks the further development of secure DNS, and confuses the resolution mechanisms of the DNS with application-based search systems."

VeriSign shares closed Tuesday at $15.81, up 4 cents.

  • Rating


Related Articles

Comments (14)

  • Gravatar - KDU
    KDU 14:24, January 12, 2005
    Dear sir,Let say i am renting web hosting with some company. I didnt have root access.. but i have ssh access instead cpanel. Is there anyway for me install ioncube?
  • Gravatar - Justin
    Justin 11:04, March 8, 2006
    They should have it installed, it's default for most. I just asked my web hosting company and they did it for me.
  • Gravatar - serviceTech
    serviceTech 06:12, March 26, 2006
    I get this error on restarting apache:<br />
    <br />
    Failed loading /usr/local/ioncube/ /usr/local/ioncube/ cannot open shared object file: No such file or directory<br />
    <br />
    The path is correct and the said file is present.<br />
    <br />
    Any ideas?<br />
  • Gravatar - norman
    norman 15:08, July 7, 2006
    You have the wrong version of the loaders installed. You either put in the 32 bit or the 64 bit version and you need the other.
  • Gravatar - shan
    shan 14:44, December 13, 2006
    "Paste in your new line for ioncube loader<br />
    zend_extension= /usr/local/ioncube/"<br />
    <br />
    this line<br />
    zend_extension=/usr/local/ioncube/"<br />
    must be the first line before the other zend_extensions
  • Gravatar - John
    John 17:09, April 11, 2007
    This tutorial is a little dated - the names of files have changed slightly.
  • Gravatar - nate
    nate 19:10, May 14, 2007
    I seem to be getting stuck at the last part. When I go to I am told that the file has been encoded with ionCube. Isn't this the file that's supposed to help you with that? Thanks!
  • Gravatar - Siavash
    Siavash 03:08, January 21, 2008
    Dear Admin<br />
    <br />
    I want to setup this moudle on the localhost<br />
    help me
  • Gravatar - compassrose
    compassrose 23:09, February 16, 2009
    The instructions provided by ioncube and this forum were correct to a point. Perhaps I have an unusual WAMP Server 2.0 installation but the loader failed consistently despite numerous attempts to place the dll file in various directories (per instructions.)<br />
    <br />
    On a hunch, I finally copied the appropriate dll (ioncube_loader_win_XXX.dll) into the apache directory: [drive letter]:\wamp\bin\apache\apache2.2.8\bin<br />
    <br />
    I then edited the php.ini file and added the following modified line: zend_extension_ts = "[driver letter]:\wamp\bin\apache\apache2.2.8\bin\ioncube_loader_win_XXX.dll" in the location recommended by ioncube, et al. No more errors and the module appears to be working.<br />
    <br />
    Hope this helps others.
  • Gravatar - Madiemax
    Madiemax 23:14, December 12, 2009
    Thanks Compassrose. Follow you directions for localhost and works fine. Well done!
  • Gravatar - Hector
    Hector 07:27, February 23, 2010
    How can disable the loader or be able to see the php coding so I can introduce cahanges to my web site
  • Gravatar - DNN
    DNN 23:30, March 17, 2011
    I am having trouble with the ioncube loader wizard script and how to properly do the SSH commands on my own. What I am trying to do is get the ioncube loader working, so that I can login to my administrative control panel. I've uploaded the site properly and everything else, but my server tells me I need ioncubeloader 5.0.2_so and it's not working...

Add Your Thoughts is a hosting directory, not a web host.

Copyright © 1998-2018