× Best Practices in building and maintaining web sites

Question Why Joomla 3 and Joomla 4 are potentially bad for your business / SEO, and what you can do about it.

  • Ruud van Lent
  • Ruud van Lent's Avatar Topic Author
  • Offline
  • Moderator
  • Moderator
More
1 month 3 weeks ago #1631 by Ruud van Lent

last month a customer came to me with the question if I could help him: his site was compromised and his business customers attended him that his joomla website was serving porn. He was losing business... big time when the word spread...

I have created a free plugin to help you get rid of and avoid these bogus links for your website: link below this blog!

I checked his site and could not find anything hacked, but further investigation learned that when googling his site, all kinds of porn and abuser URL’s where pointing to his site, with his domain name as the domain name in the URL. So Google was using porn URLs that when clicked would redirect you to his site.

Read more...
More
1 month 3 days ago - 1 month 3 days ago #1632 by Martin Kopp
Hi Ruud - thank you for your article. I have disabled the ID in the modern router. In the aftermath i discovered 1) You have to be very carefull not to have duplicate aliases - which lead to a 404 page. and worse 2) the old urls are still accepted... or can be guessed easily  - so i need your PR - There will be no fix from Joomla Development as we both know... - i'm still convinced this is a major threat.
Thank you and best wishes
Martin
Last edit: 1 month 3 days ago by Martin Kopp.
  • Ruud van Lent
  • Ruud van Lent's Avatar Topic Author
  • Offline
  • Moderator
  • Moderator
More
1 month 3 days ago #1633 by Ruud van Lent
Hi Martin,
I wrote this article after discussion with the Joomla Security Strikeforce. If you aren't going to fix it at least make people aware of the issue and what potentially can be done about it.
The isue here is that the people 'in charge' of doing something about it, do not have the isue: IMO it is as simple as that.
I did a PR for it for Joomla 4 (which also has this issue), but the only feedback I got was code styling, then nothing. So I closed that PR to get the attention back on the original issue. github.com/joomla/joomla-cms/pull/32500
What the PR did was give the user a choice: loose resolving (the way it is now), or strict resolving (require both id and matching alias)

As said, due to lack of interest I pulled that PR. I know Phil taylor al did a number of PR's for Joomla 3 but again, stranded due to no feature (?) requests anymore for Joomla 3.

Because I don't want to make sites unprotected (by doing core changes) I have created a system plugin for a customer who was facing this exact issue. It will check the article id with the alias in the url and matches that with the alias of the article: if not the same 404 / 410. This is only on the article alias, not the category alias (which again can be anything)

If you are interested I can create a standalone system plugin for that and push it to github
More
1 month 3 days ago - 1 month 3 days ago #1634 by Martin Kopp
I would be very thankful for this plugin. I have just published a Joomla Website for a business with few hundred "vulnerable" links and i need to check them.
 
Last edit: 1 month 3 days ago by Martin Kopp.
  • Ruud van Lent
  • Ruud van Lent's Avatar Topic Author
  • Offline
  • Moderator
  • Moderator
More
1 month 1 day ago #1644 by Ruud van Lent
Hi Martin,
need to find some time to decouple that functionality from my customers 'toolbox' plugin. Try to do it this week.
Will do an update on this topic so you will be notified :)

regards,
Ruud.
  • Ruud van Lent
  • Ruud van Lent's Avatar Topic Author
  • Offline
  • Moderator
  • Moderator
More
3 weeks 1 day ago #1656 by Ruud van Lent
So found some time to create the plugin: ochStrictRouter
it a free plugin, get it here: onlinecommunityhub.nl/joomla-extensions/...rictrouter-12-months

When subscribing (free) you have access to support on this plugin (via the forum)

This is a first version, when we have some more (mis) matching data, the plugin will be extended (e.g. also match on category alias, etc.)
More
3 weeks 1 day ago #1657 by Mary Nevius
Thank you Ruud, for this information and providing Joomla users with a solution.
  • Ruud van Lent
  • Ruud van Lent's Avatar Topic Author
  • Offline
  • Moderator
  • Moderator
More
3 weeks 12 hours ago #1658 by Ruud van Lent
You are welcome Mary,
I have worked as hired project manager in the banking business and before getting contracted these institutes are obliged by law to do a full background check on you.
I am sure that if there where bogus links on my (personal) website found in Google, I would never be hired as my background check would fail.

So there is more to it then meets the eye :S

Log In or Sign Up

Forgot your password? / Forgot your username?