Creative and discrete Joomla hack..

Recently a client reported that their web-page had turned black! I was tasked with investigating, and this turned out a tad more interesting than I first thought it would be…

I soon discovered that there was indeed text on the page, it was just black on black, so you couldn’t read it. The only text on there though, was a PHP error message, stating that there was a syntax error in banners.php, which was a file unknown to me. When I opened the banners.php file, I found code in there which would do something like this:

  1. Check client, if it’s a normal web browser, return the normal webpage, nobody notices anything..
  2. If the client is a search-engine, however, return only these links: (then a whole lot of links to what looked like different articles on a blog, but the names disclosed them as selling some product) and then do nothing..

Crafted for silent operation, this hack would only affect indexing spiders and search engines! Thereby upping the rating for this particular “blog”, or whatever it was, in those search engines! This would indeed have gone unnoticed for who-knows how long, had it not been for the syntax error they had made in the file.

In trying to learn how this hack was done, I turned to the Joomla forums, but there wasn’t much help to be had there, as we weren’t running the very latest release of the Joomla CMS… :-/

I gotta admire the creativity of some people out there, in finding new ways of exploiting the web… You can only winder how many other site-admins are unaware of their websites returning SPAM to all indexing attempts made at their site.. Just goes to show, you should ALWAYS keep your software, be it on your computer or out on the web, up to date…


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s