My site's been hacked..

I'm looking at the code from an Android device. It appears to be inserted before anything else.

It isn't impossible to crack any version of OpenX, and there hasn't been that much support for newer users because the company is trying to encourage their hosted service, and most of the knowledgeable users want to charge fees to assist.

My old implementation guide used to be a sticky post back when it was called phpadsnew. I'm not sure OpenX would support a new version.
 
Because this is obviously extremely important to many, any further detail regarding this would be great.

Was the banner that caused problems hosted on your server?
In your opinion, is there a 'safe' way to use OpenX? For instance, having all banners on the server?

Just curious if you had any further thoughts, I've not used OpenX.
I couldn't find anything, and with the banners disabled the problem persists. There's a leak somewhere but I just can't seem to find it, very frustrating.

Do you have shell access to your server?
Yeah why?
 
Do you have any other OpenX application running on your site?

I mean, you could literally put it elsewhere in another template.
 
Just an idea. Have you tried to create a new style and select that? Does the problem continue?

I'm unable to detect anything with AVG internet security 2011!
 
A site I visit on occasion had a similar problem, but it wasn't related to the ad software.

Somehow, malicious iframe code was being inserted into the forum templates.

They were running an older version of VB 3.8

A vb3 forum I used to visit had that happen, can't recall the exact method it was injected with, but the server admin/owner had "left on a holiday" and the other admins had limited permissions and no server access or contact details, even for the host. It was sad/slightly amusing watching the forum die as Google blocked the site, and people still came through, got infected, reported it, got the "we're working on it", got infected again and again... and never returned.

I would have just closed the forum with a template header redirect or something rather than destroy its credibility.
 
I couldn't find anything, and with the banners disabled the problem persists. There's a leak somewhere but I just can't seem to find it, very frustrating.


Yeah why?

I saw something similar over at vb.com about this and a simple recursive grep inside your vb installation directory listed the offending file. I will have to go dig for it. The malware was semi-intelligent as it was base encoded so you simply couldn't search for the domain. Perhaps this one is different.

Try fgrep -ir 'alsonatural' from a shell. Ensure you are at the root of where VB is installed.
 
If all else fails, run find from the top of your html tree and send the output to a file:
find . -print > ./all_files_list

Now that you have a list of files, you can start scanning them for the offending site:

# while IFS= read -r FILE
> do
> grep -iH alsonatural "$FILE"
> strings -a "$FILE" | grep -iq alsonatural && echo "strings match: $FILE"
> done < ./all_files_list

This will scan not only text files, but also printable strings in binary encoded/graphics encoded files.

Good luck.
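
The point above that an encoded payload defeats a plain grep for the domain, as an added example that is not part of the original post: a scan that also decodes base64 runs before matching. It assumes "base encoded" means base64 and that GNU grep and coreutils base64 are available; `scan_tree`, `make_sample` and the `alsonatural.example` sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. scan_tree DIR INDICATOR prints "plain<TAB>path" or
# "base64<TAB>path" for each file under DIR that holds INDICATOR directly
# or inside a base64 run. Filenames containing newlines are not handled.
scan_tree() {
    find "$1" -type f | while IFS= read -r file; do
        if grep -qiaF -- "$2" "$file"; then
            printf 'plain\t%s\n' "$file"
            continue
        fi
        # Candidate blobs: runs of 24+ characters from the base64 alphabet.
        grep -aoE '[A-Za-z0-9+/]{24,}={0,2}' "$file" |
        while IFS= read -r blob; do
            # Try all four alignments in case the run starts mid-quad.
            for skip in 1 2 3 4; do
                if printf '%s\n' "$blob" | cut -c"$skip"- |
                        base64 -d 2>/dev/null | grep -qiaF -- "$2"; then
                    printf 'base64\t%s\n' "$file"
                    break 2
                fi
            done
        done
    done
}

# Builds a constructed sample tree: one clean file, one with the indicator
# in clear text, one with the same markup hidden behind base64.
make_sample() {
    payload='<iframe src="http://alsonatural.example/"></iframe>'
    b64=$(printf '%s' "$payload" | base64 | tr -d '\n')
    printf '<?php echo "hello"; ?>\n' > "$1/clean.php"
    printf '%s\n' "$payload" > "$1/plain.html"
    printf "<?php eval(base64_decode('%s')); ?>\n" "$b64" > "$1/encoded.php"
}

# Demo on the constructed sample tree.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_tree "$demo_dir" alsonatural
rm -rf "$demo_dir"
```

A hit only on the base64 line means the indicator never appears in clear text in that file, which is why the plain fgrep above can come back empty on an infected template.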
 
I had this problem when I installed a video sharing script on my server. It opened the door for all sorts of wonderful injections.
 
Once I did a server virus scan and found that someone had uploaded a virus somehow within the signature module, so there are a lot of ways, if there are holes in your security, to compromise any script or server.

One thing we all need to do is to make an effort to patch all security holes in applications. I had a blog script that a Russian was able to inject Viagra redirection links into, which took down the entire blog network; the only way I could get it back up was to restore an old DB. This is what happens when developers behind scripts do not update (give up working on scripts).
 
It's not about the server, it's about OpenX - anyone could have a secure server and have those ads plant some malicious code thrown at the end-user.

That is also possible --- but as I mentioned before, the OpenX Community isn't as openly cooperative as they would be on this site; or many others. As a result, many OpenX installations aren't properly set up (if they work at all). IMO, after several years of folks asking the same questions the more experienced OpenX users have lost interest or moved on to other places where they can make money supporting or developing plugins for OpenX.

So when I see a negative post about OpenX, my questions usually start with the basics. Either looking at some code, or learning about how they set up. Of course many would prefer a "more direct" response to their exact problem, but OpenX is a complex app that unfortunately can break in many different ways.

Hope this helps.
 
Well I'm still not sure if it's OpenX to be honest. I just upgraded to vB 3.8.6 PL1 and other scripts are currently disabled. No new reports atm, but I still can't tell where the leak was. I'm not sure if it's fixed even, I hope it is.
 
We can just keep changing the title... if that is ok...

I think some people may quickly look at the title, read the thread for 2 seconds, and assume it is a xf issue because this is xf.com. They may not even notice you are using vb.
 