Article Index

Was there a way to prevent this happening?

The answer to this is 'no'. The extensions as originally submitted to the JED were fine, there was no way to pick this up. Even if they had contained the bad code it is unrealistic to expect the JED team (who are a small group of volunteers) to conduct a thorough security scan of every extension in the directory. They can only act on information received, which they did in this case.

As a site owner you would do well to contemplate a saying popular among economists: there is no such thing as a free lunch. If a developer gives something away for no charge then they do have a reason for it. Very occasionally it may be because they are a philanthropic millionaire with infinite time on their hands, but this does not happen very often. The quid pro quo is normally that the developer expects some publicity for it and some SEO advantage. It can be a good way to generate some spontaneous links from other sites that review Joomla extensions. Some developers take this too far and include hidden links. A lot of developers did this in the past. Google got wise to this tactic some time ago and probably do not value such links very much now, if at all. So it is just not worth doing besides being morally dubious.

Site owners need to use a bit of common sense and ask themselves why the extension is being given away, what is being gained in return? Take some time to research the extensions you intend to use. Does the developer have a good reputation? Does the website look trustworthy? Does it belong to the developer, or is this another site giving away someone else's extension? Once you have downloaded an extension don't be afraid to take a look at the code, even if you are not a programmer you should be able to get a rough idea of what it does. If there is anything that worries you then posting in the Joomla forums is a good way to get help.>

Fiona Coulter
LInked in Listin Fiona Coilter