The Blog

We love Joomla!

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Login
    Login Login form

Warning! Don't download joomla extensions from untrusted websites!

Posted by on in News
  • Font size: Larger Smaller
  • Hits: 59005
  • 0 Comments
  • Subscribe to this entry

A year ago I was helping a friend to make his homepage with Joomla. We needed a facebook fan page module. Actually we didn't needed it, but I was too lazy to add the facebook fan page code myself as I had to edit the template (to do it the HTML5 way...). So instead of doing it myself - I went on a hunt for a good Facebook page module. After a short look at the JED I found my module - it had the best reviews... I tested it - it worked! Hurray!

Unfortunately the other day the facebook fan box was not displayed by the module anymore. So today I decided to have a look at the actual HTML code that was generated & I was shocked to discover a hidden link. The link was pointing to a shop for flowers, so at least it is not a malware site... I immediately thought that the site was hacked and I went to look at the PHP code of the module. It turns out the website was not hacked & the link is generated by the module code. So I downloaded the last version of the module and had a look at the code again - well, this time there was again a hidden link, but it was pointing to another site. (you know what that means right?)

Yesterday I was reading an article that was stating that according to Microsoft 78% of the downloaded software on the internet through P2P or other untrusted websites has malware in it. In my case this joomla module didn't have malware in it, but it was also not nice to discover a hidden link there.
As it seems somebody else has found this hidden link before me, because the module is not anymore listed on the JED. But this goes to show that you should not blindly trust the code of people that you don't know. So my rule of thumb right now would be - if the developer of a particular extension is new to joomla, not well known for producing quality code - then look at his code for hidden surprises!

This goes to you too! Be careful where you download your next joomla extension!

 

Rate this blog entry:
0
Tagged in: joomla malware thoughts