By This Time, You’ve Probably Been Hacked – Joomla Critical Update

Critical Joomla Update
If you didn’t update your Joomla site by last Thursday, it’s probably been hacked.

Last week we told you about the critical Joomla update.  Joomla released it on Wednesday.  Two hacks, combined, would allow a bad guy to create a Joomla user and then elevate it’s privileges to the point that they had complete control of your site.

Sucuri, one of the good guys who track security issues and help fix hacked sites, reverse engineered the fix to see what had been broken.  Then they created a way to check if someone had hacked the site. Within 24 hours of the release, they found nearly 30,000 hacked sites.

Hackers in Romania and elsewhere had already automated the hack and Sucuri says that if your site hasn’t been updated, it is most likely already hacked. One sign from the early hack campaign was a new user named “db_cfg.” Of course, now that there are others looking for sites to hack, that may not be the only new user to your site.  You may have been hacked more than once!


If you didn’t update your site, give us a call and we’ll help you clean it up.

Joomla Update – Do this one right away

Critical Joomla Update
Joomla, like most Open Source projects, does a good job of keeping the software updated and secure.

Joomla has a security problem that could let someone sign in to your site with elevated privileges – even if you don’t allow users to register. In other words they could get access and do some damage. If you’re a McColley Marketing Media client, I’ll be getting your site updated today or tomorrow. If not, call your developer – or give us a call and we’ll get you protected. In the words of a pharmaceutical ad for something…”Get this one done.”

Schema Microdata – It Sounds Black Hat But Its Not

Local Online Marketing
Schema Microdata Is A New Opportunity For Your Local Online Marketing

The Yellow Pages – a big book listing every business in town. And businesses paid to be listed – often it was the only advertising they did.

Then Google killed it. Google was faster, easier, and they didn’t have to cut down a forest every year. Sure, you need a computer, but…

Now we carry our computers in our pocket and we search for businesses from anywhere. And Google knows we want to know where those businesses are – so they show maps and give us turn-by-turn directions on our phone screen.

How does Google know where you are? There are lots of places to find that information, one of them is your website. But how do they know that the address information on your website is your business information and not some other address?

Introducing Schema Microdata

Google looks for your NAP: Name, Address, and Phone Number. It’s important that your NAP is consistent across all their information sources (more on that another time).

And they have now agreed to use a standard “markup” coding system known as Schema Microdata.

Its really pretty simple. Your web designer needs to add some hidden code to your NAP info that tells Google “This is my street address,” “This is my city,” etc.

Your Schema Microdata Advantage

Google uses 200 or so factors to rank your website. If you have all 200 in just the right way, you’re listed first. If you have none of them on your website, you’re listed last (if at all).


  1. Having your NAP in Schema Microdata Format is one of the factors.
  2. Less than 20% of all businesses have incorporated Schema Microdata.

It won’t make you number one, but it’s another advantage you can have over your slower to act competition. But if you wait, they’ll eventually get it added, too, and your advantage goes away.

McColley Marketing Media can add Schema Microdata to every page on your website – an important clue for Google that will make it easier for customers to find you. Call Lynn at 480-704-4286 to find out how affordable this change can be.

Good Luck Freddy! I bet you don’t know who the real web design scam victim is yet…

Freddy is about to learn who the real scam victim is. Instant Karma.

“Instant Karma’s gonna get you…”

I got an email from Freddy scot (sic), he’s got a new company that will be importing Kola Nuts and other Central American ag products.

Freddy is also deaf so we can’t talk on the phone.

He needs a website right away and his budget is from $4000 to $8000. It should look similar to and function just like

Oh, he needs to pay by credit card.

And he has a consultant who will provide the text and images. But this consultant can’t take credit cards so he wants to overpay me and then have me send a check to the consultant. (Then the scam kicks in: they’ll go for a refund from the credit card company and I’ll be left holding the bag.)

I’ve gotten this exact (word for word) proposal about 8 times in the last 2 years from a number of people, all with Gmail accounts (which can’t be traced) This has led me to believe that somewhere on the dark web some huckster is selling this as a turnkey, cut and paste scam operation and bragging about all the money he’s made. I’m sure it sounds impressive:  make thousands of dollars with just a gmail account.

In fact, I would like to see the pitch. Here are the emails I sent to Freddy:

Freddy, I’m sorry, but I’ve already seen this scam. I hope it didn’t cost a lot of money to buy this “money making opportunity.” Most of my web design friends have all gotten this dozens of times already. It might have worked the first time, but by now I’m afraid the market has been saturated. You’ve wasted your money. Good luck on finding an honest way to make a living, its much easier on your karma.

Then a second one:

Hey Freddy, where did you buy this scam? It’s obviously a cut and paste get rich quick thing. As a student of marketing I would like to see the sales pitch.

Over the last six months I’ve asked several of the would-be scammers for the info, but they never get back to me.

Freddy is just learning who the real victim is in this scam. The original scammer probably did get some web designers to bite, but I bet he’s making more selling his template for a scam than he did actually scamming designers.

McColley Marketing Media didn’t take Freddy up on his offer, so we have time on the schedule to build your new website, help you better market the site you have, or help you improve and maintain your website.  Call us today. We do take credit cards, but once we get your money, we promise to keep it for ourselves.

SEO Services: You’re FIRED!

getting the boot
The customer is always right – except when they are wrong.

A couple of weeks ago I got a call from a business person in Los Angeles who wanted some help with SEO Services for his Joomla website. He was a self taught expert – he had learned everything through experimentation. A week later he fired me when Google changed the ranking on one of his pages.

We hadn’t touched the page or done anything that remotely would affect the page. But he was the “expert.”  Except he really wasn’t.

Let’s call this client Joe.  Somewhere along the line, Joe had paid someone for SEO services and they helped him rank #1. You could see it right there on Google. But his business hadn’t grown as a result. He decided that he needed to be #1 for more keywords, and he knew how to do it.

Winning the Wrong Horse Race

His old SEO Services company had helped him win a race that no one was running except him  It’s really a pretty common tactic among less than scrupulous SEO characters.

Here’s how it works: 

  • Choose some long-tail keyword that sounds important.
  • Make some changes to the homepage and maybe create a handful of links to that page.
  • Take credit for making the client #1 and sign a bigger contract.

“You Too Can Be #1! Buy Our SEO Services!”

The truth is that Google is so good, you can highlight just about any unique 10 word phrase on your home page, paste it into Google and you’ll be #1 – or close to it.

To prove my point, here’s an example from my homepage, a not so unique phrase: “A mobile website design is simply one designed for a small smartphone display.” My site is #3 for that. That’s great, except nobody is searching for that phrase.

In this case, Joe’s phrase was roughly equal to “Ford Fairlane Repair in Santa Monica California.” Yes, Ford made a Fairlane model 50 years ago. Yes, Santa Monica is in his service area. Yes, Google found 426,000 related pages to put in the results. No, that doesn’t make it a valuable keyword.

I did the research: no one is searching for that phrase today. You can’t guess at this, you need to research your Keyword Phrases.

The number one rule of SEO: “Getting on a list of 5 million results isn’t important, getting to the Top of any pertinent list is critically important.” In this case, he missed the “pertinent” part.

Winning a race that no one else is running won’t build your business. Choose your keywords carefully.

McColley Marketing Media is a Phoenix SEO Services company.  We can help your website become a profitable marketing vehicle for your business.  Want to know more? Call Lynn McColley at 480-258-4135.

P.S. I didn’t even bother sending a bill. Joe’s last web designer and his last SEO are buying Adwords for his personal name to warn that Joe doesn’t pay his bills. Ouch! Maybe that’s why his name is almost hidden on his site.

Joomla Update – This Is Scary!

Critical Joomla Update
Joomla Update: 12% of the sites we listed were hacked in the last month!

Before Christmas I posted about a new Joomla update that had been released to fix a new security issue. The Joomla team did something unprecedented – they released an update for Joomla 1.5, which has been “end of life” since 2012.

Good intentions

At that time, I made a short list of 81 sites in Arizona still using Joomla 1.5. And I emailed them to let them know they need to secure their site. Of course, I made an attractive offer to update them. Which means for many site owners they went to the trash. I understand.

But 15 of those 81 site owners took action and got their sites secured.  They didn’t all use my Joomla update service, some had their own web designers who took care of updating them.

Now comes the scary part

10 of the remaining 66 sites have been compromised.  Some are down, some have an “SEO Hack” that siphons off Google ranking and some are blacklisted because of malicious code that could infect visitors. This is far worse than I expected.

If you have a site running Joomla 1.5 or even later, you need a Joomla Update

There are still more sites than the 81 I put on my short list running Joomla 1.5.  And sites running 2.5 and even versions of Joomla 3 earlier than the 3.4.5.  Some will just be a one-click update, others take more effort.

Call your web developer and give him a serious kick in the pants. If your developer isn’t available, call me and we’ll get you updated. This doesn’t end well unless you take action right away.

480-258-4135 is my mobile number.

You can order an Joomla Update here.  If you want to stay with Joomla 1.5 for some reason, you can order a Joomla Patch here.

Critical Joomla 1.5 Security Update

Joomla 1.5 Security Update
Critical Joomla 1.5 Security Update!

A followup to yesterday’s Joomla Update notice.  Yesterday I said that we were in the middle of updating all the Joomla sites in our care to the latest version because of a critical security patch.

What I didn’t know at that moment was that the problem was as serious as it is. An attacker could very easily gain access to your site in order to execute their own code.

Critical Update Released for Joomla 1.5, Too

Its so serious that Joomla has even issued a fix for Joomla 1.5.  Despite the fact that it reached its official “end of life” at the end of 2012 (after 5 years of updates).  This would be like Microsoft updating Windows 98 instead of pushing you to the newer Windows 10.

Lets Fix This Right Away!

If your site is running an old version of Joomla, give me a call and we’ll help you gain control of the situation. All version from Joomla 1.5 to 3.45 are affected. Later versions are 1-click updates, but you should backup your site first just in case.  Joomla 1.5 needs a lot more work to update.  If you’re not ready to do an update to the latest, I can apply today’s fix for a lot less (you’ll still have other vulnerabilities, but not this critical one).

McColley Marketing Media has been offering special prices on Joomla updates. If you update to the latest Joomla 3, we’ll discount the cost of making your website mobile ready, too. Call 480-704-4286.

Joomla Update Special for J1.5 Sites

Joomla Update
Joomla Update Security Release! Special Offer: we’ll upgrade Joomla 1.5 sites for just $400

It’s Joomla update time! Joomla Version 3.46 was released today. It has one critical and 3 lower level security updates.  Regular McColley Marketing Media clients are being updated free today and tomorrow.

Don’t Get Hacked – Important Joomla Update!

I know a business not 5 miles from here that has been hacked.  Their design is gone and their home page, which is now just text on a white background, has several links to casinos.  I’d post a link but I’m not 100% sure it doesn’t have a virus or other malware that could infect your computer. That site was running an outdated (and very insecure) version of Joomla.

Every couple of weeks there’s a new Joomla update to fix problems and introduce new features.  Its free.  What I find amazing is that there are still sites running the Joomla 1.5 version that first came out in 2012. It very insecure and does not get updates. The only solution is to upgrade.

Special Joomla 1.5 Offer

Unfortunately, upgrading from Joomla 1.5 isn’t a small task.  While today’s 3.46 Joomla update is just a click to update from 3.45, that’s not the story with Joomla 1.5. Lots of manual changes means more time spent and a higher price.  I’m offering an upgrade special of $400 for anyone who wants to secure their site (limited time).

That price doesn’t include the cost of paid extensions or upgrading a site using VirtueMart, since there are many other considerations there (we’ll upgrade those for you, but there is more labor involved).

If a $400 Joomla update seems high, think about the cost of a new website should you get hacked. Give me a call and we’ll lock your site up.

McColley Marketing Media has been working with Joomla since before Version 1.0.  Since Joomla just turned 10, that’s a lot of Joomla update experience!