Find us on Facebook Follow us on Twitter Follow us on Google Plus View our LinkedIn profile

CitrusKiwi's Web Design, Internet & Marketing blog

Get hints and tips about web design, SEO, and things internet. We also discuss online security issues, showcase new client websites and offer hints on marketing and networking.
Font size: +

Malicious code in Joomla templates

A coule of weeks back, I blogged about using add-ons/extensions for Joomla that came from warez sites, and the potential security problems associated with that (see "How to get a free lunch on the internet"). A joomla website is just a bunch of images, text, HMTL files, PHP files and CSS files. Whilst it's possivle to attach "nasties" to an image, or embed in text, when it comes to websites, usually the most common is adding code to one of the last 3. And of those 3, PHP is the "best" (from a hackers point of view) as it's the most powerful for wreaking havoc.

Templates for Joomla, or any modern CMS, are a collection of HTM, CSS and PHP files, so are just a good a target for hackers as the core website files. When we're doing sites we code our own templates - we don't buy templates, so your site will be unique. Templates are not usually particularly expensive - in the $20 - 50 range - though there are some more expensive than that. However, humans are loathe to pay for something they can get for free, right?

The same sort of sites who are offering free downloads for add-ons, are also offering free downloads for paid templates. And this comes with the same security risk as pirated add-ons. At best, the added code may just deface your site, or make it stop working, or redirect it to another site. At worst, it can turn your site into a spam bot, a DOS attack machine, or collect sensitive information ranging from browsing habits to credit card info or social security information. 

In short, there are no free lunches, but there are many nefarious characters on the net looking to dupe you, and/or steal your information. Is saving $50 worth the risk?

You website NEEDS video too
Small business should benefit from Pigeon

Contact Us | Custom web design packages | Our work | Our ReviewsSitemap

Are you a Non-Profit or Not-for-Profit? Save 50% here!

Copyright © CitrusKiwi Web Solutions LLC 2009 - . All Rights Reserved.