About Security Practices: Warning! Don't download extensions from untrusted websites!

Tognome-lockscreen-256day, we've been reading the news about how a user discovered the fact about free untrusted downloads.

In the article Warning! Don't download joomla extensions from untrusted websites!, Daniel describes how he downloaded, and installed an extension from an unknown author. Soon, he discovered that the source code has a hidden link.

Also, he tried to download again the module, to discover a different hidden link! So, the untrusted author's been not only surreptitiously adding links, also rotated the hidden links as a regular operation.

As Daniel notes, a hidden link is one way to get your site hacked. Also, the source code can have worst attack vectors. For example, accesing your site customers, user passwords, and social media accounts.

Now, the module's been reported and it is not anymore listed on the JED.

From Joomla's Security Checklist:

  • Use the community: Don't forget the truism, "If a deal is too good to be true, it is." ...

As Daniel concludes "This goes to you too! Be careful where you download your next joomla extension!".


  • RT @OSTraining: Take 30 minutes to truly understand Joomla's user permissions: http://t.co/v1k9K8LArk
  • RT @isidrobaq: Lunes 22 nuevo #joomlaIO esta vez sobre SobiPro 1.1 y @extly con @anibal_sanchez http://t.co/lIMcoYfvx4 #Joomla
  • RT @deswebcom: Crear potentes directorios y casi cualquier cosa. SobiPro 1.1 y Extly, el lunes 22 de septiembre en #joomlaIO: http://t.co/U…
  • Update: Joocial for K2 v7.4.0 plugin - Support for Simple Image Gallery, Image brackets, {gallery}, and {youttube} http://t.co/9704xEQOgO
  • RT @ExtlyCommunity: Joocial - Full social content management in Joomla #DocumentationGuides #joomla http://t.co/jrKPGJj7Cm http://t.co/ST64…

Follow me on twitter