Page 1 of 1
Joomsef - hidden code
Posted: Mon Jan 22, 2007 11:43 pm
by brian
I was in the process of testing joomsef from artio today when i spotted some bae64 encoded strings in the code on lines 91,92,93.94 of sef.php
On closer inspection these decode as
1.
Code: Select all
<br /><span>JoomSEF SEO by <a href="http://www.artio.net">Artio</a>, sponsored by <a href="http://www.coolhousing.net">Dedicated server</a>.</span>
2.
Code: Select all
JoomSEF SEO by Artio (http://www.artio.net), sponsored by Dedicated server (http://www.coolhousing.com).
3.
Code: Select all
<br /><span>JoomSEF SEO by <a href="http://www.artio.net">Artio</a>.</span>
4.
I'm not a coder so I dont fully understand where this hidden advertising is being used but I cant see any good reason for this advertising to be hidden inside base64 encoding so I can only assume that it is for no good.
Re: Joomsef - hidden code
Posted: Mon Jan 22, 2007 11:54 pm
by brian
The above were for the current version 1.3.3
However a google indicates that there were other strings "hidden" in previous versions.
I'm sure that the sites 14,100 + sites here
http://www.google.co.uk/search?hl=en&q= ... arch&meta= dont really mean to be advertising prague hotels in their metatags
I realise and appreciate that the extension team cannot be expected to audit the code in the extensions but I hope and trust that now that this hs been reported the extension will be removed.
Re: Joomsef - hidden code
Posted: Tue Jan 23, 2007 12:09 am
by brian
Slight correction
I went ahead and installed it in a sandbox and the revealed documentation does say at the very bottom of the documentation.
Advertisement Notice
JoomSEF may add user-invisible links pointing to websites of JoomSEF authors (ARTIO s.r.o.) and/or to its sponsors. Such links appear in page footers or meta tag fields of pages, where it is used. This has no direct influence to functionality of your site.
Now I dont know about you but I dont want hidden adverts on my site.
As for it having no "influence to functionality of your site" I think the SEO guys would disagree.
Re: Joomsef - hidden code
Posted: Tue Jan 23, 2007 7:07 am
by ot2sen
Hi brian,
We are aware of this and have been discussing for a while now.
This extension do have this Advertisement Notice in the documentation and here´s the full quote:
8. Advertisement Notice
JoomSEF may add user-invisible links pointing to websites of JoomSEF authors (ARTIO s.r.o.) and/or to its sponsors. Such links appear in page footers or meta tag fields of pages, where it is used. This has no direct influence to functionality of your site.
Similarily to Joomla! software, these may be removed if you wish to do so. However, by keeping them, you help us develop the software further and increase the number of users.
Furthermore there´s an option to pay a fee for an Ad free version in their shop:
http://www.artio.cz/en/support-forums/j ... rator/viewhttp://www.artio.cz/en/e-shop/joomsef
Re: Joomsef - hidden code
Posted: Tue Jan 23, 2007 8:18 am
by brian
I appreciate that it is there in the documentation. However I would be a bit happier if this information was made available BEFORE it is installed. In addition as the advert is hidden (why encode it if you arent trying to hide the advert) who is to say that the advert willalways be an innocent one.
This extension should at the very minimum imho be flagged as having hidden adware.
Judging from my google searches 14.000+ users have not realised that they are providing free adverts on their sites
Re: Joomsef - hidden code
Posted: Wed Jan 24, 2007 11:00 am
by mpettitt
I've mentioned this problem in this forum before, and submitted a report asking that a note be added to the listing in the JED warning of this, since the download page does not (or at least, didn't as of writing) have any mention of this behaviour. Users should not have to install extensions in order to find the full licence details.
Re: Joomsef - hidden code
Posted: Wed Jan 24, 2007 11:23 am
by LorenzoG
We have discussed this internally and how to do so the users that are using JED get aware of this and how to handle similar cases. We have now done a note for the extension.
http://extensions.joomla.org/component/ ... Itemid,35/The problem, as I personally see it, is that many users aren't aware that a such sponsor link exists in the meta tag. IMO, it's very important that the developers are very open with this information when they add such "features".
Re: Joomsef - hidden code
Posted: Wed Jan 24, 2007 11:37 am
by brian
Thanks for that it is a sensible solution.
There are other offenders. Should we report them here or start a new thread for each.
Re: Joomsef - hidden code
Posted: Wed Jan 24, 2007 1:12 pm
by LorenzoG
Brian,
I think the best would be if you could email them to me and I'll forward it to the rest of the team so we can take a look on the affected extensions.
[email protected]Thanks in advance!
Re: Joomsef - hidden code
Posted: Wed Jan 24, 2007 1:24 pm
by brian
ok will do
Re: Joomsef - hidden code
Posted: Thu Jan 25, 2007 9:17 am
by mpettitt
It would be useful to post the list here as well, so people can check whether any of the extensions they are using have this feature, without needing to go through the listings on the JED. After all, openess is good.
Re: Joomsef - hidden code
Posted: Wed Feb 14, 2007 7:43 am
by mic
.....
As for it having no "influence to functionality of your site" I think the SEO guys would disagree.
Agree with you not having - without prior notice - any hidden advertisement.
But - from the SEO point of view: this is one of the common used techniques to improve (Google) pagerankings.
And is done by many, many (GPL) scripts - not only by Joomla (add.ons).
If i am wrong please correct me.
Re: Joomsef - hidden code
Posted: Wed Feb 14, 2007 8:57 am
by mpettitt
It's one of those techniques that was popular, but then the search engines noticed and will penalise sites that have hidden links. It's like text with the same colour set as the background - worked for a while, then got noticed and acted on by search engines, so now reduces your site appeal to them. Anything hidden is bad really - comments are fine (search engines ignore them, browsers don't show them, but they let anyone who is looking at the page source know something useful), but anything else is to be avoided, generally.
Re: Joomsef - hidden code
Posted: Sat Feb 17, 2007 3:29 pm
by Epke
I use this plugin for my site? Do I need to remove it as soon as possible, because otherwise my site get banned by google? If so what would you recommend me to use instead of joomsef? or can I delete all those links so its free of that adware and how?
Re: Joomsef - hidden code
Posted: Mon Feb 19, 2007 9:20 am
by mpettitt
The main alternative is OpenSEF. You can remove the links - there is a post on the forums somewhere which says what to look for, and there was a replacement sef.php file around too, but I can't remember where!
It's up to you whether you remove the component or not - I just prefer to have control of what is output on my sites, and will get extremely annoyed if something is outputing things without my knowledge.
Re: Joomsef - hidden code
Posted: Mon Feb 19, 2007 11:07 am
by Vince
LorenzoG wrote:We have discussed this internally and how to do so the users that are using JED get aware of this and how to handle similar cases. We have now done a note for the extension.
http://extensions.joomla.org/component/ ... Itemid,35/The problem, as I personally see it, is that many users aren't aware that a such sponsor link exists in the meta tag. IMO, it's very important that the developers are very open with this information when they add such "features".
Hi Lorenzo,
Maybe too much staring at PC screens all day has affected my eyesight, but I actually missed that note.
Would you consider at least using the same size font for such notices, rather than small print?
Many thanks,
- Vince
Re: Joomsef - hidden code
Posted: Mon Feb 19, 2007 2:35 pm
by LorenzoG
Hi Vince
The field where this information is written is a special editor field that can only be edited by us (it's therefore it has a different style). I agree that the visibility on the editor field could be better. I'll discuss this with the other editors.
Re: Joomsef - hidden code
Posted: Wed Feb 21, 2007 10:56 am
by LocALiceR
Adware/spyware products are unwanted ones in the software libraries.
By my mind those freeware extensions which advertise a 3PD site, can be considered as adware. The major software libraries (Download.com, SnapFiles.com and some others) do not list them. At one time a warning was added to such product pages that they might hurt the user's privacy, but recently these apps totally disappeared from these sites.
Re: Joomsef - hidden code
Posted: Wed Feb 21, 2007 7:17 pm
by kenmcd
mic wrote:.....
As for it having no "influence to functionality of your site" I think the SEO guys would disagree.
Agree with you not having - without prior notice - any hidden advertisement.
But - from the SEO point of view: this is one of the common used techniques to improve (Google) pagerankings.
And is done by many, many (GPL) scripts - not only by Joomla (add.ons).
If i am wrong please correct me.
The SEO benefits are
only to the site being linked to in the hidden link,
not the site with the outgoing link.
This is the same technique used by Joomla template designers to boost their pagerank, and their SE results ranking position.
Thousands of incoming links from unsuspecting pigeons users is very valuable.
On the host site the negatives are a potential reduction in pagerank and results position from a number of issues:
- page rank leak from outgoing links (see rel=nofollow)
- relevance reductions from links to completely unrelated sites
- potential penalties from having hidden links
- keyword pollution from hidden text.
No professional SEO marketer would ever allow such links on their sites.
Re: Joomsef - hidden code
Posted: Wed Feb 21, 2007 10:00 pm
by brian
Yes and i hate to see it in the templates as well.
Re: Joomsef - hidden code
Posted: Sat Apr 28, 2007 11:55 am
by dutchjoomle
Does someone know where this code is generated?
Can't find it in the source code:
"
http://www.artio.net) - databases, information system and web applications, co-sponsored by Moravatour (
http://www.moravatour.cz) - dovolena u more" />"
I'm using the latest JoomSEF component.
Solution:Sef.php: around line 118 ->Comment the code after Frontpage code & Other page code.