CitrusKiwi's Web Design, Internet & Marketing blog

Get hints and tips about web design, SEO, and things internet. We also discuss online security issues, showcase new client websites and offer hints on marketing and networking.

Malicious code in Joomla templates

A coule of weeks back, I blogged about using add-ons/extensions for Joomla that came from warez sites, and the potential security problems associated with that (see "How to get a free lunch on the internet"). A joomla website is just a bunch of images, text, HMTL files, PHP files and CSS files. Whilst it's possivle to attach "nasties" to an image, or embed in text, when it comes to websites, usually the most common is adding code to one of the last 3. And of those 3, PHP is the "best" (from a hackers point of view) as it's the most powerful for wreaking havoc.

Templates for Joomla, or any modern CMS, are a collection of HTM, CSS and PHP files, so are just a good a target for hackers as the core website files. When we're doing sites we code our own templates - we don't buy templates, so your site will be unique. Templates are not usually particularly expensive - in the $20 - 50 range - though there are some more expensive than that. However, humans are loathe to pay for something they can get for free, right?

The same sort of sites who are offering free downloads for add-ons, are also offering free downloads for paid templates. And this comes with the same security risk as pirated add-ons. At best, the added code may just deface your site, or make it stop working, or redirect it to another site. At worst, it can turn your site into a spam bot, a DOS attack machine, or collect sensitive information ranging from browsing habits to credit card info or social security information. 

In short, there are no free lunches, but there are many nefarious characters on the net looking to dupe you, and/or steal your information. Is saving $50 worth the risk?

Font size: +