The mysterious ads in Joomla and a surprising discovery

I rarely accept this type of job, because I do not think such problems necessarily need my knowledge; sometimes it is enough to ask on the official Joomla forum to solve them. But something tempted me; you can call it a challenge. The client reported that a small advertising block pointing to a website with pirated software had appeared on his newly created web page. At first I thought that maybe someone had hacked into his website. Anyway, that was what the title of the email suggested, so I started to drill down on…

But after a while I found that this website was so new that even Google did not know of its existence, so an accidental attack was rather impossible. The server logs did not indicate that anyone outside the inner circle of IPs had entered it, except that the FTP localcode had done its job.

To be sure, I overwrote all the Joomla! system files with a clean install, but still nothing. Interestingly, this text ad appeared randomly, so for a moment I thought that I had managed to solve the problem, and after a while realized that I was wrong.

More precious minutes passed and I was still looking. The hosting was trusted, not some free one or from a suspect supplier. However, the links in those advertisements pointed to a trail. Like a professional detective, I looked at the content of these pages: besides commercial scripts offered for free, there were also popular commercial components and templates for Joomla. I checked the list of components used by the client; apart from two under an open source license, the rest were the defaults.

That left the template. Because it was commercial, I asked the client to re-download it from the club and send me a “clean” version. … And suddenly there were problems. It turned out that this website had been built by a suspiciously cheap contractor who, after doing his work and receiving his wages, was no longer interested in further cooperation. He did not want to send the source files, giving the customer evasive explanations. It seemed strange to me. But I was sure of the trail – the template.

I explained to the customer that he was probably the victim of a “fraudster” who uses pirated templates, and that to fix this situation we must take the appropriate steps.

  • First, the website was switched into Offline mode.
  • Secondly, I said that if he found this particular template best for his project, then unfortunately we were forced to buy it in a legal way, so to pay for it once again. Sure, I could have spent another hour looking for malicious code in the template, but that would have been not only unprofitable, but also unethical.
  • Then we bought the template / membership; thanks to this, the client has access to new updates of the template(s) for the next three months.
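With a clean copy of the template in hand, the deployed copy can be compared against it to see which files differ. The following Python code is an added example, not code from the original article; the file names and contents built in `demo()` are constructed sample data, and the two directory arguments are assumptions about where the copies live.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_trees(clean_root, deployed_root):
    """Report files modified, added or missing in the deployed copy."""
    clean, deployed = hash_tree(clean_root), hash_tree(deployed_root)
    return {
        "modified": sorted(p for p in clean
                           if p in deployed and clean[p] != deployed[p]),
        "added": sorted(p for p in deployed if p not in clean),
        "missing": sorted(p for p in clean if p not in deployed),
    }

def build_sample(root, files):
    """Write a constructed file set under root (sample data only)."""
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)

def demo():
    """Constructed sample: a clean template and an altered deployed copy."""
    clean_files = {"index.php": "<?php echo 'template'; ?>\n",
                   "css/template.css": "body{}\n",
                   "templateDetails.xml": "<extension/>\n"}
    deployed_files = dict(clean_files)
    # Constructed stand-ins for an altered file and an extra file.
    deployed_files["index.php"] += "<?php /* placeholder for added block */ ?>\n"
    deployed_files["html/helper.php"] = "<?php /* placeholder extra file */ ?>\n"
    del deployed_files["css/template.css"]
    with tempfile.TemporaryDirectory() as c, tempfile.TemporaryDirectory() as d:
        build_sample(c, clean_files)
        build_sample(d, deployed_files)
        return compare_trees(c, d)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

For a real site, call `compare_trees()` with the unpacked vendor download and a copy of the template directory pulled from the server; files listed as modified or added are the ones to inspect or replace.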

In summary:

As you can see, the truth turned out to be rather prosaic, but painful for the site owner. The customer had to pay three times: once to the primary contractor, a second time for my service, and once more for the template that he should have had from the start – clean and 100% legal.

At the end we changed the passwords for both admin and FTP, to make sure that no unauthorized person can log on in future.

This article was first published March 26th, 2012