Sure if someone puts enough effort into something anything can be cracked, but you can make it long and slow job. This is 99% of the job done if you have niche software.
In regards what protection we use, I am not too keen to list them in public, but my basic principle is layering. Use enough different systems and layers and you are going to make life very hard for a cracker.
I have a server, yes, every time someone starts up my application, it sends a request to my server to with a (LICENSE, MAC-ADDRESS) tuple, which I store.
So far, I've never acted on MAC changes. If I saw a license that was used by say 50 MAC-addresses, I would disable it and send an email to the original buyer, scoff at him and give him a new license. But so far no-one has done this, not one person out of ~3500 has shared their license with a larger group of people.
Just trust your users for now, collect some statistics if you're really concerned, and act if someone is really abusing your system. Don't ever go after ambiguous cases, ever. I made this mistake in the beginning, got many MANY false flags.
I think collecting the statistics is a really good idea, because it will show you that your userbase is trustable, and you will change your perspective on software protection :)
You can, but it is not easy, simple, or very user friendly.
It really depends on your market and software. For most software it doesn't make sense to bother with anything other than the most basic licensing system, but for some software it does. I sell quite a lot of software in China and India and I would not be able to do this unless I spent a lot of time and money on anti-cracking activities.
I am curious how do you handle license revocation or when you detect if someone is using an illegal license.
What about offline users? How to handle licensing?