Tognome-lockscreen-256day, we've been reading the news about how a user discovered the fact about free untrusted downloads.

In the article Warning! Don't download joomla extensions from untrusted websites!, Daniel describes how he downloaded, and installed an extension from an unknown author. Soon, he discovered that the source code has a hidden link.

Also, he tried to download again the module, to discover a different hidden link! So, the untrusted author's been not only surreptitiously adding links, also rotated the hidden links as a regular operation.

As Daniel notes, a hidden link is one way to get your site hacked. Also, the source code can have worst attack vectors. For example, accesing your site customers, user passwords, and social media accounts.

Now, the module's been reported and it is not anymore listed on the JED.

From Joomla's Security Checklist:

  • Use the community: Don't forget the truism, "If a deal is too good to be true, it is." ...

As Daniel concludes "This goes to you too! Be careful where you download your next joomla extension!".

Pizza, Bugs, and Fun

bug-squasher

October 17th, 2014 is our next Joomla! PBF event and we'd love for you to be a part of it.

  • The key goal is to fix as many Joomla 3 and Joomla 2.5 bugs as possible.
  • The event is an all-day global event for virtual participants, with local venues wherever they are organized.
  • The event is open to both businesses and individuals.

@extly


Follow me on twitter