Recently it was pointed out that people apparently had no clear way of asking questions of the VEL team or discussing vulnerable extension reports.

 

We pointed out the Facebook fan page facebook.com/velteam, as we felt that the Slack site used by most people was not open or intuitive enough. It also had a limit on the number of discussion topics it shows live. Therefore, in addition to our Facebook fan page, we have decided to create a form called AskVel: http://bit.ly/askteamvel

You can freely ask a question and, if we know the answer, we will hopefully post it on vel.joomla.org as an FAQ and possibly run it in the JCM.

There are numerous sites advertising free templates, but you have to watch out. If you read the Joomla forums, the most common places to get a free template are file-sharing sites or a friend.
Nowadays more and more unsavoury distributors of templates have come on the scene, trying to cash in on Joomla's success and catch unwary users.

Several companies in the past have been known to just put hard-coded links into their files, e.g. Themza, whose method was to call an encoded GIF file (menu_col.gif) to place a spam link in the menu and also in the footer. A sample of the code
A big discussion on Themza is at http://forum.joomla.org/viewtopic.php?p=1827027. They also do not state they are GPL, as they have restrictions on you altering their code.

A newer trick is

sucuri

Spam Alert

Have you found a lot of hidden spammy links on your Joomla site and don't understand how they got there? Here is a possible explanation.

Recently a case of spamming involving rogue Joomla extensions came to light. The extensions involved were several popular free modules and plugins listed in the Joomla extensions directory, mostly slideshows, Twitter widgets and similar extensions. Some examples were:

There have been recent questions over why developers should inform the VEL team about exploits they have fixed before the VEL team gets to know about them. This includes when a developer updates their listing on the JED and neglects to mention that the update is due to a coding weakness.


Developers have several responsibilities when it comes to insecure code:-

While checking my site logs, as should be standard practice for everyone, I discovered an unintentional honeytrap.

Q. What is the point of trying to hack an RSS feed, and is it possible?