Joomla!
http://forum.joomla.org/

Joomsef - hidden code
http://forum.joomla.org/viewtopic.php?f=262&t=133897		 Page 1 of 1
Author:  brian [ Mon Jan 22, 2007 11:43 pm ]
Post subject:  Joomsef - hidden code
I was in the process of testing joomsef from artio today when i spotted some bae64 encoded strings in the code on lines 91,92,93.94 of sef.php


On closer inspection these decode as
1.
Code:
<br /><span>JoomSEF SEO by <a href="http://www.artio.net">Artio</a>, sponsored by <a href="http://www.coolhousing.net">Dedicated server</a>.</span>

2.
Code:
JoomSEF SEO by Artio (http://www.artio.net), sponsored by Dedicated server (http://www.coolhousing.com).

3.
Code:
<br /><span>JoomSEF SEO by <a href="http://www.artio.net">Artio</a>.</span>

4.
Quote:
JoomSEF SEO by Artio (http://www.artio.net).


I'm not a coder so I dont fully understand where this hidden advertising is being used but I cant see any good reason for this advertising to be hidden inside base64 encoding so I can only assume that it is for no good.
Author:  brian [ Mon Jan 22, 2007 11:54 pm ]
Post subject:  Re: Joomsef - hidden code
The above were for the current version 1.3.3

However a google indicates that there were other strings "hidden" in previous versions.

I'm sure that the sites 14,100 + sites here
http://www.google.co.uk/search?hl=en&q= ... arch&meta= dont really mean to be advertising prague hotels in their metatags

I realise and appreciate that the extension team cannot be expected to audit the code in the extensions but I hope and trust that now that this hs been reported the extension will be removed.
Author:  brian [ Tue Jan 23, 2007 12:09 am ]
Post subject:  Re: Joomsef - hidden code
Slight correction

I went ahead and installed it in a sandbox and the revealed documentation does say at the very bottom of the documentation.

Quote:
Advertisement Notice

JoomSEF may add user-invisible links pointing to websites of JoomSEF authors (ARTIO s.r.o.) and/or to its sponsors. Such links appear in page footers or meta tag fields of pages, where it is used. This has no direct influence to functionality of your site.

Now I dont know about you but I dont want hidden adverts on my site.

As for it having no "influence to functionality of your site" I think the SEO guys would disagree.
Author:  ot2sen [ Tue Jan 23, 2007 7:07 am ]
Post subject:  Re: Joomsef - hidden code
Hi brian,

We are aware of this and have been discussing for a while now.

This extension do have this Advertisement Notice in the documentation and here´s the full quote:
Quote:
8. Advertisement Notice

JoomSEF may add user-invisible links pointing to websites of JoomSEF authors (ARTIO s.r.o.) and/or to its sponsors. Such links appear in page footers or meta tag fields of pages, where it is used. This has no direct influence to functionality of your site.

Similarily to Joomla! software, these may be removed if you wish to do so. However, by keeping them, you help us develop the software further and increase the number of users.

Furthermore there´s an option to pay a fee for an Ad free version in their shop:
http://www.artio.cz/en/support-forums/j ... rator/view
http://www.artio.cz/en/e-shop/joomsef
Author:  brian [ Tue Jan 23, 2007 8:18 am ]
Post subject:  Re: Joomsef - hidden code
I appreciate that it is there in the documentation. However I would be a bit happier if this information was made available BEFORE it is installed. In addition as the advert is hidden (why encode it if you arent trying to hide the advert) who is to say that the advert willalways be an innocent one.

This extension should at the very minimum imho be flagged as having hidden adware.

Judging from my google searches 14.000+ users have not realised that they are providing free adverts on their sites
Author:  mpettitt [ Wed Jan 24, 2007 11:00 am ]
Post subject:  Re: Joomsef - hidden code
I've mentioned this problem in this forum before, and submitted a report asking that a note be added to the listing in the JED warning of this, since the download page does not (or at least, didn't as of writing) have any mention of this behaviour. Users should not have to install extensions in order to find the full licence details.
Author:  LorenzoG [ Wed Jan 24, 2007 11:23 am ]
Post subject:  Re: Joomsef - hidden code
We have discussed this internally and how to do so the users that are using JED get aware of this and how to handle similar cases. We have now done a note for the extension.
http://extensions.joomla.org/component/ ... Itemid,35/

The problem, as I personally see it, is that many users aren't aware that a such sponsor link exists in the meta tag. IMO, it's very important that the developers are very open with this information when they add such "features".
Author:  brian [ Wed Jan 24, 2007 11:37 am ]
Post subject:  Re: Joomsef - hidden code
Thanks for that it is a sensible solution.

There are other offenders. Should we report them here or start a new thread for each.
Author:  LorenzoG [ Wed Jan 24, 2007 1:12 pm ]
Post subject:  Re: Joomsef - hidden code
Brian,

I think the best would be if you could email them to me and I'll forward it to the rest of the team so we can take a look on the affected extensions.
lorenzo.garcia@extensions.joomla.org

Thanks in advance!
Author:  brian [ Wed Jan 24, 2007 1:24 pm ]
Post subject:  Re: Joomsef - hidden code
ok will do
Author:  mpettitt [ Thu Jan 25, 2007 9:17 am ]
Post subject:  Re: Joomsef - hidden code
It would be useful to post the list here as well, so people can check whether any of the extensions they are using have this feature, without needing to go through the listings on the JED. After all, openess is good.
Author:  mic [ Wed Feb 14, 2007 7:43 am ]
Post subject:  Re: Joomsef - hidden code
Quote:
.....
As for it having no "influence to functionality of your site" I think the SEO guys would disagree.


Agree with you not having - without prior notice - any hidden advertisement.
But - from the SEO point of view: this is one of the common used techniques to improve (Google) pagerankings.
And is done by many, many (GPL) scripts - not only by Joomla (add.ons).

If i am wrong please correct me.
Author:  mpettitt [ Wed Feb 14, 2007 8:57 am ]
Post subject:  Re: Joomsef - hidden code
It's one of those techniques that was popular, but then the search engines noticed and will penalise sites that have hidden links. It's like text with the same colour set as the background - worked for a while, then got noticed and acted on by search engines, so now reduces your site appeal to them. Anything hidden is bad really - comments are fine (search engines ignore them, browsers don't show them, but they let anyone who is looking at the page source know something useful), but anything else is to be avoided, generally.
Author:  Epke [ Sat Feb 17, 2007 3:29 pm ]
Post subject:  Re: Joomsef - hidden code
I use this plugin for my site? Do I need to remove it as soon as possible, because otherwise my site get banned by google? If so what would you recommend me to use instead of joomsef? or can I delete all those links so its free of that adware and how?
Author:  mpettitt [ Mon Feb 19, 2007 9:20 am ]
Post subject:  Re: Joomsef - hidden code
The main alternative is OpenSEF. You can remove the links - there is a post on the forums somewhere which says what to look for, and there was a replacement sef.php file around too, but I can't remember where!
It's up to you whether you remove the component or not - I just prefer to have control of what is output on my sites, and will get extremely annoyed if something is outputing things without my knowledge.
Author:  Vince [ Mon Feb 19, 2007 11:07 am ]
Post subject:  Re: Joomsef - hidden code
LorenzoG wrote:
We have discussed this internally and how to do so the users that are using JED get aware of this and how to handle similar cases. We have now done a note for the extension.
http://extensions.joomla.org/component/ ... Itemid,35/

The problem, as I personally see it, is that many users aren't aware that a such sponsor link exists in the meta tag. IMO, it's very important that the developers are very open with this information when they add such "features".


Hi Lorenzo,
Maybe too much staring at PC screens all day has affected my eyesight, but I actually missed that note.  :-[
Would you consider at least using the same size font for such notices, rather than small print?

Many thanks,

- Vince
Author:  LorenzoG [ Mon Feb 19, 2007 2:35 pm ]
Post subject:  Re: Joomsef - hidden code
Hi Vince  :)

The field where this information is written is a special editor field that can only be edited by us (it's therefore it has a different style). I agree that the visibility on the editor field could be better. I'll discuss this with the other editors.
Author:  LocaLizeR [ Wed Feb 21, 2007 10:56 am ]
Post subject:  Re: Joomsef - hidden code
Adware/spyware products are unwanted ones in the software libraries.

By my mind those freeware extensions which advertise a 3PD site, can be considered as adware. The major software libraries (Download.com, SnapFiles.com and some others) do not list them. At one time a warning was added to such product pages that they might hurt the user's privacy, but recently these apps totally disappeared from these sites.
Author:  kenmcd [ Wed Feb 21, 2007 7:17 pm ]
Post subject:  Re: Joomsef - hidden code
mic wrote:
Quote:
.....
As for it having no "influence to functionality of your site" I think the SEO guys would disagree.


Agree with you not having - without prior notice - any hidden advertisement.
But - from the SEO point of view: this is one of the common used techniques to improve (Google) pagerankings.
And is done by many, many (GPL) scripts - not only by Joomla (add.ons).

If i am wrong please correct me.


The SEO benefits are only to the site being linked to in the hidden link, not the site with the outgoing link.
This is the same technique used by Joomla template designers to boost their pagerank, and their SE results ranking position.
Thousands of incoming links from unsuspecting pigeons users is very valuable.

On the host site the negatives are a potential reduction in pagerank and results position from a number of issues:
- page rank leak from outgoing links (see rel=nofollow)
- relevance reductions from links to completely unrelated sites
- potential penalties from having hidden links
- keyword pollution from hidden text.

No professional SEO marketer would ever allow such links on their sites.
Author:  brian [ Wed Feb 21, 2007 10:00 pm ]
Post subject:  Re: Joomsef - hidden code
Yes and i hate to see it in the templates as well.
Author:  dutchjoomle [ Sat Apr 28, 2007 11:55 am ]
Post subject:  Re: Joomsef - hidden code
Does someone know where this code is generated? ??? Can't find it in the source code:

"http://www.artio.net) - databases, information system and web applications, co-sponsored by Moravatour (http://www.moravatour.cz) - dovolena u more" />"

I'm using the latest JoomSEF component.

Solution:
Sef.php: around line 118 ->Comment the code after Frontpage code & Other page code.
Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/