Install ionCube PHP Loader on Rocky Linux 9: Protect Scripts

This guide will show you how to Install ionCube PHP Loader on Rocky Linux 9. As a simple explanation, ionCube Loader is a module for PHP that is used to load PHP-encrypted files. This option will increase your security to protect your scripts.

In this guide on the Orcacore website, you will learn to activate your ionCube PHP loader step by step on Rocky Linux 9. The process will help you protect your code.

Note: If you are looking for installation steps of the PHP ionCube loader on another OS, you can visit the following guides:

Set up PHP ionCube Loader on Debian 11

Install PHP ionCube Loader on Centos 7

Install ionCube Loader on Ubuntu 22.04

To complete this guide, you must access your server as a root user. For this purpose, you can visit our guide on Initial Server Setup with Rocky Linux 9.

Now follow the steps below to complete this guide on PHP ionCube loader setup.

Step 1 – Install PHP 8.1 on Rocky Linux 9

Rocky Linux 9 ships with the default PHP 8.0, but to Install ionCube PHP Loader on Rocky Linux 9, you must have PHP 8.1 installed on your server. To do this, follow the steps below:

First, you must run the system update:

sudo dnf update -y

Then, install the Epel repository on your server with the following command:

sudo dnf install epel-release -y

Now use the command below to add the Remi repository:

sudo dnf install dnf-utils https://rpms.remirepo.net/enterprise/remi-release-9.rpm

Again run the system update:

sudo dnf update -y

Here you need to remove the PHP and PHP-FPM previous versions if you have them installed on your server. To do this, run the following command:

sudo dnf remove php php-fpm -y

Then remove the rest of the package extensions with the command below:

sudo dnf remove php* -y

To reset the PHP module list on Rocky Linux 9, you can use the following command:

sudo dnf module list reset php -y

Now you need to enable PHP 8.1 on Rocky Linux 9 with the command below:

sudo dnf module enable php:remi-8.1

At this point, you have added the Remi PHP repository and enabled PHP 8.1 to be the default version on your system, you can install PHP 8.1 and httpd service with the following command:

sudo dnf install php httpd -y

Verify your PHP installation by checking its version:

php --version

**Output**
PHP 8.1.18 (cli) (built: Apr 11 2023 16:47:45) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.1.18, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.18, Copyright (c), by Zend Technologies

Step 2 – Install ionCube Loader on Rocky Linux 9

At this point you have PHP 8.1 installed on your Rocky Linux 9, proceed to the following steps to set up your PHP ionCube loader. This step allows you to Install ionCube PHP Loader on Rocky Linux 9.

Download ionCube PHP Loader

Visit the ionCube Loader downloads page and get the latest version by using the following wget command:

wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

When your download is completed, extract your downloaded file with the following command:

tar xzf ioncube_loaders_lin_x86-64.tar.gz

Then, use the following command to list the content of the PHP ionCube loader directory on Rocky Linux 9:

ls ioncube

In your output, you will see:

**Output**
ioncube_loader_lin_4.1.so     ioncube_loader_lin_5.6_ts.so
ioncube_loader_lin_4.2.so     ioncube_loader_lin_7.0.so
ioncube_loader_lin_4.3.so     ioncube_loader_lin_7.0_ts.so
ioncube_loader_lin_4.3_ts.so  ioncube_loader_lin_7.1.so
ioncube_loader_lin_4.4.so     ioncube_loader_lin_7.1_ts.so
ioncube_loader_lin_4.4_ts.so  ioncube_loader_lin_7.2.so
ioncube_loader_lin_5.0.so     ioncube_loader_lin_7.2_ts.so
ioncube_loader_lin_5.0_ts.so  ioncube_loader_lin_7.3.so
ioncube_loader_lin_5.1.so     ioncube_loader_lin_7.3_ts.so
ioncube_loader_lin_5.1_ts.so  ioncube_loader_lin_7.4.so
ioncube_loader_lin_5.2.so     ioncube_loader_lin_7.4_ts.so
ioncube_loader_lin_5.2_ts.so  ioncube_loader_lin_8.1.so
ioncube_loader_lin_5.3.so     ioncube_loader_lin_8.1_ts.so
ioncube_loader_lin_5.3_ts.so  LICENSE.txt
ioncube_loader_lin_5.4.so     loader-wizard.php
ioncube_loader_lin_5.4_ts.so  README.txt
ioncube_loader_lin_5.5.so     USER-GUIDE.pdf
ioncube_loader_lin_5.5_ts.so  USER-GUIDE.txt
ioncube_loader_lin_5.6.so

How To Activate ionCube Loader in PHP?

At this point, you need to find the location of the extension directory. To do this, you can use the following command:

php -i | grep extension_dir

**Output**
extension_dir => /usr/lib64/php/modules => /usr/lib64/php/modules

Next, copy the ionCube loader module from the ionCube directory that matches your PHP version to the PHP extension directory on Rocky Linux 9:

cp ioncube/ioncube_loader_lin_8.1.so /usr/lib64/php/modules/

Then, you need to enable the PHP ionCube loader by editing the php.ini file. You can use your favorite text editor, here we use the vi editor:

vi /etc/php.ini

Add the following line at the end of the file:

zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_8.1.so

When you are done, save and close the file.

Finally, restart Apache to apply the changes:

systemctl restart httpd

Verify ionCube Loader PHP module Activation

At this point, you can verify your PHP ionCube loader module by checking the PHP version:

php -v

If everything is fine, you should get the following output:

**Output**
PHP 8.1.18 (cli) (built: Apr 11 2023 16:47:45) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.1.18, Copyright (c) Zend Technologies
    with the **ionCube PHP Loader** v12.0.5, Copyright (c) 2002-2022, by ionCube Ltd.
    with Zend OPcache v8.1.18, Copyright (c), by Zend Technologies

Also, you can use the following command:

php -m

**Output**
...
[Zend Modules]
Zend OPcache
the ionCube PHP Loader

The above output confirms that the PHP ionCube extension is loaded on your Rocky Linux 9 server. You have now completed the steps to Install ionCube PHP Loader on Rocky Linux 9.

Conclusion

At this point, you have learned to protect your PHP scripts by installing the ionCube loader on Rocky Linux 9. As you saw, you should just install PHP 8.1 and follow the simple steps to activate your ionCube loader.

Hope you enjoy it. You may also like these articles:

Install OnlyOffice on Rocky Linux 8

Install Ruby on Rails on AlmaLinux 9

FAQs

Alternative Solutions for Protecting PHP Scripts on Rocky Linux 9

While ionCube is a popular solution for protecting PHP scripts, there are alternative approaches you can consider. Here are two different ways to achieve script protection on Rocky Linux 9:

1. Using PHP-FIG Standards and Open Source Encryption Libraries:

This approach leverages existing PHP standards and libraries to encrypt and decrypt your code. It provides more control over the encryption process and avoids vendor lock-in.

• Explanation: This method involves encrypting your PHP code using a library like defuse/php-encryption which follows PHP-FIG standards for cryptography. The encrypted code is then stored and decrypted at runtime. The key management is crucial here, requiring secure storage and access control.

• Implementation Steps:

  1. Install the Encryption Library: Use Composer to install the defuse/php-encryption library.

     composer require defuse/php-encryption

  2. Generate an Encryption Key: Create a strong encryption key and store it securely.

     <?php
     
     use DefuseCryptoKey;
     
     $key = Key::createNewRandomKey();
     $keyAscii = $key->saveToAsciiSafeString();
     
     echo "Encryption Key: " . $keyAscii . "n";
     
     // Store $keyAscii securely (e.g., in an environment variable or encrypted file)
     ?>

  3. Encrypt your PHP Script: Encrypt the PHP script using the generated key.

     <?php
     
     use DefuseCryptoCrypto;
     use DefuseCryptoKey;
     
     // Retrieve the encryption key from secure storage
     $keyAscii = getenv('ENCRYPTION_KEY'); //Example assuming using an environment variable
     
     // Load the key
     $key = Key::loadFromAsciiSafeString($keyAscii);
     
     // The original PHP code to encrypt
     $plainText = file_get_contents('original_script.php');
     
     // Encrypt the code
     $cipherText = Crypto::encrypt($plainText, $key);
     
     // Save the encrypted code
     file_put_contents('encrypted_script.php', $cipherText);
     ?>

  4. Create a Loader Script: Create a script to decrypt and execute the encrypted PHP code.

     <?php
     
     use DefuseCryptoCrypto;
     use DefuseCryptoKey;
     
     // Retrieve the encryption key from secure storage
     $keyAscii = getenv('ENCRYPTION_KEY');
     
     // Load the key
     $key = Key::loadFromAsciiSafeString($keyAscii);
     
     // Load the encrypted code
     $cipherText = file_get_contents('encrypted_script.php');
     
     // Decrypt the code
     $plainText = Crypto::decrypt($cipherText, $key);
     
     // Execute the decrypted code
     eval('?>' . $plainText);
     
     ?>

  5. Security Considerations:

     • Key Management: Securely store and manage the encryption key. Avoid hardcoding it in the loader script. Use environment variables or a dedicated key management system.
     • Permissions: Ensure appropriate file permissions on the encrypted scripts and the loader script.
     • Input Validation: Always validate any input used in your PHP scripts to prevent code injection vulnerabilities.
     • Eval() Use: Be extremely cautious using eval(). While necessary here, it poses security risks if the decrypted code contains vulnerabilities.

2. Using SourceGuardian:

SourceGuardian, similar to ionCube, is a commercial PHP encoder that protects PHP scripts by encoding and licensing them.

• Explanation: SourceGuardian encodes PHP scripts into bytecode, which is then executed by the SourceGuardian loader. It also provides licensing features, allowing you to control the distribution and usage of your scripts.

• Implementation Steps:

  1. Install SourceGuardian Encoder: Download and install the SourceGuardian encoder on your development machine. This is typically a GUI application.

  2. Configure the Encoder: Configure the encoder with your desired settings, such as the PHP version, encoding options, and licensing parameters.

  3. Encode Your Scripts: Use the encoder to encode your PHP scripts. This will generate a set of encoded files.

  4. Install SourceGuardian Loader: Install the SourceGuardian loader extension on your Rocky Linux 9 server. This is similar to installing the ionCube loader. Download the appropriate loader for your PHP version and operating system from the SourceGuardian website.

  5. Configure PHP: Add the SourceGuardian loader extension to your php.ini file. The configuration is similar to ionCube:

     zend_extension=/path/to/sourceguardian.so

     Replace /path/to/sourceguardian.so with the actual path to the SourceGuardian loader file.

  6. Restart Web Server: Restart your web server (e.g., Apache or Nginx) to load the SourceGuardian extension.

  7. Deploy Encoded Files: Deploy the encoded files to your web server. The loader will automatically decode and execute them.

• Advantages of SourceGuardian:

  • Strong encryption and obfuscation.
  • Licensing features for controlling script distribution and usage.
  • Support for various PHP versions.
  • Relatively easy to use with a GUI-based encoder.

• Disadvantages of SourceGuardian:

  • Commercial software (requires a license).
  • Vendor lock-in.
  • Loader extension required on the server.

Both alternative solutions offer viable options for protecting PHP scripts on Rocky Linux 9. The choice depends on your specific requirements, budget, and risk tolerance. The PHP-FIG standard approach provides greater control and avoids vendor lock-in, while SourceGuardian offers a more comprehensive solution with licensing features.