Find us on FacebookFollow us on TwitterSee us on Google +See our profile on LinkedIn

CitrusKiwi's Web Design and Internet blog

Here we give hints and tips about web design, seo, and internet things. We also discuss online security issues and showcase new client websites.

Malicious code in Joomla templates

A coule of weeks back, I blogged about using add-ons/extensions for Joomla that came from warez sites, and the potential security problems associated with that (see "How to get a free lunch on the internet"). A joomla website is just a bunch of images, text, HMTL files, PHP files and CSS files. Whilst it's possivle to attach "nasties" to an image, or embed in text, when it comes to websites, usually the most common is adding code to one of the last 3. And of those 3, PHP is the "best" (from a hackers point of view) as it's the most powerful for wreaking havoc.

Templates for Joomla, or any modern CMS, are a collection of HTM, CSS and PHP files, so are just a good a target for hackers as the core website files. When we're doing sites we code our own templates - we don't buy templates, so your site will be unique. Templates are not usually particularly expensive - in the $20 - 50 range - though there are some more expensive than that. However, humans are loathe to pay for something they can get for free, right?

The same sort of sites who are offering free downloads for add-ons, are also offering free downloads for paid templates. And this comes with the same security risk as pirated add-ons. At best, the added code may just deface your site, or make it stop working, or redirect it to another site. At worst, it can turn your site into a spam bot, a DOS attack machine, or collect sensitive information ranging from browsing habits to credit card info or social security information. 

In short, there are no free lunches, but there are many nefarious characters on the net looking to dupe you, and/or steal your information. Is saving $50 worth the risk?

Small business should benefit from Pigeon
You website NEEDS video too


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, 22 August 2017
If you'd like to register, please fill in the username, password and name fields.



501C get half off first year

Join us

Find us on FacebookFollow us on TwitterSee us on Google +See our profile on LinkedIn

Click for info

Legal and Identity Theft protection

Color for websites

color tool

Contact Us | Custom web design packages | Our work

Copyright © CitrusKiwi Web Solutions LLC 2009 - 2017. All Rights Reserved.

Web Analytics