Joomsef - hidden code

Post by brian » Mon Jan 22, 2007 11:43 pm

I was in the process of testing joomsef from artio today when I spotted some base64 encoded strings in the code on lines 91, 92, 93, 94 of sef.php


On closer inspection these decode as

1.
<br /><span>JoomSEF SEO by <a href="http://www.artio.net">Artio</a>, sponsored by <a href="http://www.coolhousing.net">Dedicated server</a>.</span>

2.
JoomSEF SEO by Artio (http://www.artio.net), sponsored by Dedicated server (http://www.coolhousing.com).

3.
<br /><span>JoomSEF SEO by <a href="http://www.artio.net">Artio</a>.</span>

4.
JoomSEF SEO by Artio (http://www.artio.net).

I'm not a coder so I don't fully understand where this hidden advertising is being used but I can't see any good reason for this advertising to be hidden inside base64 encoding so I can only assume that it is for no good.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
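
Added example (not part of the original post and not JoomSEF code): a small audit script that scans PHP source for quoted base64 literals and reports the ones that decode to HTML markup or a URL, which is the manual check described in the post above. The sample PHP fragment, the variable names in it and the 24-character minimum length are assumptions made for the illustration.

```python
import base64
import binascii
import re

# Quoted literals of 24+ base64-alphabet characters (optional '=' padding).
B64_LITERAL = re.compile(r"""(['"])([A-Za-z0-9+/]{24,}={0,2})\1""")
# Decoded content worth a human look: HTML markup or a URL.
MARKUP_OR_URL = re.compile(r"<\s*(a|span|meta|script|iframe)\b|https?://", re.I)


def decode_text(literal):
    """Return the decoded string if `literal` is base64 of readable text, else None."""
    try:
        raw = base64.b64decode(literal, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    readable = all(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return text if text and readable else None


def scan_php(source, filename="<memory>"):
    """List (file, line, decoded) for base64 literals that hide markup or URLs."""
    findings = []
    for match in B64_LITERAL.finditer(source):
        text = decode_text(match.group(2))
        if text and MARKUP_OR_URL.search(text):
            line = source.count("\n", 0, match.start()) + 1
            findings.append((filename, line, text))
    return findings


# Constructed sample input: one harmless encoded label and one encoded footer
# string (decoded string 4 from the post). Variable names are hypothetical.
BENIGN = base64.b64encode(b"Cache lifetime in seconds").decode()
FOOTER = base64.b64encode(b"JoomSEF SEO by Artio (http://www.artio.net).").decode()
SAMPLE_PHP = (
    "<?php\n"
    f"$label = base64_decode('{BENIGN}');\n"
    f"$footer = base64_decode('{FOOTER}');\n"
)

if __name__ == "__main__":
    for name, line, text in scan_php(SAMPLE_PHP, "sample.php"):
        print(f"{name}:{line}: {text}")
```

Literals that decode to plain text without markup or a URL are skipped, so the output stays short enough to review by hand.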

Post by brian » Mon Jan 22, 2007 11:54 pm

The above were for the current version 1.3.3

However a google indicates that there were other strings "hidden" in previous versions.

I'm sure that the 14,100+ sites here
http://www.google.co.uk/search?hl=en&q= ... arch&meta= don't really mean to be advertising Prague hotels in their metatags

I realise and appreciate that the extension team cannot be expected to audit the code in the extensions but I hope and trust that now that this has been reported the extension will be removed.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

Post by brian » Tue Jan 23, 2007 12:09 am

Slight correction

I went ahead and installed it in a sandbox and the revealed documentation does say at the very bottom of the documentation.
Advertisement Notice

JoomSEF may add user-invisible links pointing to websites of JoomSEF authors (ARTIO s.r.o.) and/or to its sponsors. Such links appear in page footers or meta tag fields of pages, where it is used. This has no direct influence to functionality of your site.
Now I don't know about you but I don't want hidden adverts on my site.

As for it having no "influence to functionality of your site" I think the SEO guys would disagree.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

Post by ot2sen » Tue Jan 23, 2007 7:07 am

Hi brian,

We are aware of this and have been discussing for a while now.

This extension does have this Advertisement Notice in the documentation and here's the full quote:
8. Advertisement Notice

JoomSEF may add user-invisible links pointing to websites of JoomSEF authors (ARTIO s.r.o.) and/or to its sponsors. Such links appear in page footers or meta tag fields of pages, where it is used. This has no direct influence to functionality of your site.

Similarily to Joomla! software, these may be removed if you wish to do so. However, by keeping them, you help us develop the software further and increase the number of users.
Furthermore there's an option to pay a fee for an Ad free version in their shop:
http://www.artio.cz/en/support-forums/j ... rator/view
http://www.artio.cz/en/e-shop/joomsef
Ole Bang Ottosen
Dansk frivillig Joomla! support websted - joomla.dk
OpenTranslators Core Team opentranslators.org

Post by brian » Tue Jan 23, 2007 8:18 am

I appreciate that it is there in the documentation. However I would be a bit happier if this information was made available BEFORE it is installed. In addition as the advert is hidden (why encode it if you aren't trying to hide the advert?) who is to say that the advert will always be an innocent one.

This extension should at the very minimum imho be flagged as having hidden adware.

Judging from my google searches 14.000+ users have not realised that they are providing free adverts on their sites
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

Post by mpettitt » Wed Jan 24, 2007 11:00 am

I've mentioned this problem in this forum before, and submitted a report asking that a note be added to the listing in the JED warning of this, since the download page does not (or at least, didn't as of writing) have any mention of this behaviour. Users should not have to install extensions in order to find the full licence details.
FlexAdvert - the _improved_ Banner Management Suite. Find it at extensions.joomla.org under Advertising Banners
Bleurgh Joomla Extensions - http://www.bleurgh.co.uk - usage instructions, updates and so on
Performance FAQ: http://forum.joomla.org/index.php/topic,88070.0.html

Post by LorenzoG » Wed Jan 24, 2007 11:23 am

We have discussed this internally and how to do so the users that are using JED get aware of this and how to handle similar cases. We have now done a note for the extension.
http://extensions.joomla.org/component/ ... Itemid,35/

The problem, as I personally see it, is that many users aren't aware that such a sponsor link exists in the meta tag. IMO, it's very important that the developers are very open with this information when they add such "features".

Post by brian » Wed Jan 24, 2007 11:37 am

Thanks for that, it is a sensible solution.

There are other offenders. Should we report them here or start a new thread for each?
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

Post by LorenzoG » Wed Jan 24, 2007 1:12 pm

Brian,

I think the best would be if you could email them to me and I'll forward it to the rest of the team so we can take a look on the affected extensions.
[email protected]

Thanks in advance!
Last edited by LorenzoG on Wed Jan 24, 2007 1:16 pm, edited 1 time in total.

Post by brian » Wed Jan 24, 2007 1:24 pm

ok will do
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

Post by mpettitt » Thu Jan 25, 2007 9:17 am

It would be useful to post the list here as well, so people can check whether any of the extensions they are using have this feature, without needing to go through the listings on the JED. After all, openness is good.
FlexAdvert - the _improved_ Banner Management Suite. Find it at extensions.joomla.org under Advertising Banners
Bleurgh Joomla Extensions - http://www.bleurgh.co.uk - usage instructions, updates and so on
Performance FAQ: http://forum.joomla.org/index.php/topic,88070.0.html

Post by mic » Wed Feb 14, 2007 7:43 am

.....
As for it having no "influence to functionality of your site" I think the SEO guys would disagree.
Agree with you not having - without prior notice - any hidden advertisement.
But - from the SEO point of view: this is one of the commonly used techniques to improve (Google) pagerankings.
And is done by many, many (GPL) scripts - not only by Joomla (add-ons).

If I am wrong please correct me.
http://www.joomx.com - custom extensions and development
http://www.joomlasupportdesk.com - support, migration, training and consulting
Member of the German Joomla Translation Team

Post by mpettitt » Wed Feb 14, 2007 8:57 am

It's one of those techniques that was popular, but then the search engines noticed and will penalise sites that have hidden links. It's like text with the same colour set as the background - worked for a while, then got noticed and acted on by search engines, so now reduces your site appeal to them. Anything hidden is bad really - comments are fine (search engines ignore them, browsers don't show them, but they let anyone who is looking at the page source know something useful), but anything else is to be avoided, generally.
FlexAdvert - the _improved_ Banner Management Suite. Find it at extensions.joomla.org under Advertising Banners
Bleurgh Joomla Extensions - http://www.bleurgh.co.uk - usage instructions, updates and so on
Performance FAQ: http://forum.joomla.org/index.php/topic,88070.0.html

Post by Epke » Sat Feb 17, 2007 3:29 pm

I use this plugin for my site. Do I need to remove it as soon as possible, because otherwise my site gets banned by Google? If so what would you recommend me to use instead of joomsef? Or can I delete all those links so it's free of that adware, and how?

Post by mpettitt » Mon Feb 19, 2007 9:20 am

The main alternative is OpenSEF. You can remove the links - there is a post on the forums somewhere which says what to look for, and there was a replacement sef.php file around too, but I can't remember where!
It's up to you whether you remove the component or not - I just prefer to have control of what is output on my sites, and will get extremely annoyed if something is outputting things without my knowledge.
FlexAdvert - the _improved_ Banner Management Suite. Find it at extensions.joomla.org under Advertising Banners
Bleurgh Joomla Extensions - http://www.bleurgh.co.uk - usage instructions, updates and so on
Performance FAQ: http://forum.joomla.org/index.php/topic,88070.0.html

Post by Vince » Mon Feb 19, 2007 11:07 am

LorenzoG wrote: We have discussed this internally and how to do so the users that are using JED get aware of this and how to handle similar cases. We have now done a note for the extension.
http://extensions.joomla.org/component/ ... Itemid,35/

The problem, as I personally see it, is that many users aren't aware that such a sponsor link exists in the meta tag. IMO, it's very important that the developers are very open with this information when they add such "features".
Hi Lorenzo,
Maybe too much staring at PC screens all day has affected my eyesight, but I actually missed that note.  :-[
Would you consider at least using the same size font for such notices, rather than small print?

Many thanks,

- Vince
www.hostbaron.com - low price Joomla starter packages.

www.SpanishVilla.com - Buy, rent or sell a Spanish property.

Post by LorenzoG » Mon Feb 19, 2007 2:35 pm

Hi Vince  :)

The field where this information is written is a special editor field that can only be edited by us (it's therefore it has a different style). I agree that the visibility on the editor field could be better. I'll discuss this with the other editors.

Post by LocaLizeR » Wed Feb 21, 2007 10:56 am

Adware/spyware products are unwanted ones in the software libraries.

To my mind those freeware extensions which advertise a 3PD site can be considered as adware. The major software libraries (Download.com, SnapFiles.com and some others) do not list them. At one time a warning was added to such product pages that they might hurt the user's privacy, but recently these apps totally disappeared from these sites.
Jozsef Tamas Herczeg // Member of the Hungarian Joomla Translation Team :: Follow me on Twitter: @jtherczeg
:: "Do not give fish to the hungry man teach him how to fish instead" ::

Post by kenmcd » Wed Feb 21, 2007 7:17 pm

mic wrote:
.....
As for it having no "influence to functionality of your site" I think the SEO guys would disagree.
Agree with you not having - without prior notice - any hidden advertisement.
But - from the SEO point of view: this is one of the commonly used techniques to improve (Google) pagerankings.
And is done by many, many (GPL) scripts - not only by Joomla (add-ons).

If I am wrong please correct me.
The SEO benefits are only to the site being linked to in the hidden link, not the site with the outgoing link.
This is the same technique used by Joomla template designers to boost their pagerank, and their SE results ranking position.
Thousands of incoming links from unsuspecting pigeons users is very valuable.

On the host site the negatives are a potential reduction in pagerank and results position from a number of issues:
- page rank leak from outgoing links (see rel=nofollow)
- relevance reductions from links to completely unrelated sites
- potential penalties from having hidden links
- keyword pollution from hidden text.

No professional SEO marketer would ever allow such links on their sites.
██ LibreTraining
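
Added example (not part of the thread and not JoomSEF code): a check a site owner can run on a rendered page to list every outgoing link in `<a href>` and every URL inside `<meta content>` whose host is not on the owner's allowlist, with a flag for `rel=nofollow` as mentioned in the post above. The sample page, the `description` meta name and `example.org` as the owner's host are assumptions; the ad strings are decoded strings 2 and 3 from the first post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_IN_TEXT = re.compile(r"https?://[^\s\"'<>()]+")


class OutboundAudit(HTMLParser):
    """Record hosts referenced by <a href> and <meta content> outside an allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (where, host, has_nofollow)

    def _check(self, where, url, nofollow=False):
        host = (urlparse(url).hostname or "").lower()
        if host and host not in self.allowed:
            self.findings.append((where, host, nofollow))

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "a" and attr.get("href", "").startswith(("http://", "https://")):
            nofollow = "nofollow" in attr.get("rel", "").lower().split()
            self._check("a[href]", attr["href"], nofollow)
        elif tag == "meta":
            name = attr.get("name", "meta").lower()
            for url in URL_IN_TEXT.findall(attr.get("content", "")):
                self._check(f"meta[{name}]", url)


def audit_page(html, allowed_hosts):
    """Return the list of (where, host, has_nofollow) for hosts not allowed."""
    parser = OutboundAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page (assumption): meta name and owner host are made up.
SAMPLE_PAGE = """<html><head>
<meta name="description" content="JoomSEF SEO by Artio (http://www.artio.net), sponsored by Dedicated server (http://www.coolhousing.com).">
</head><body>
<a href="http://example.org/news">News</a>
<br /><span>JoomSEF SEO by <a href="http://www.artio.net">Artio</a>.</span>
</body></html>"""

if __name__ == "__main__":
    for where, host, nofollow in audit_page(SAMPLE_PAGE, ["example.org"]):
        print(f"{where:20} {host:25} nofollow={nofollow}")
```

Running it against pages fetched before and after installing an extension shows exactly which outgoing references the extension added.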

Post by brian » Wed Feb 21, 2007 10:00 pm

Yes and I hate to see it in the templates as well.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

Post by dutchjoomle » Sat Apr 28, 2007 11:55 am

Does someone know where this code is generated? Can't find it in the source code:

""

I'm using the latest JoomSEF component.

Solution:
Sef.php: around line 118 ->Comment the code after Frontpage code & Other page code.
Last edited by dutchjoomle on Sat May 12, 2007 5:01 pm, edited 1 time in total.

