
Warning: new OpenX exploit

Discussion in 'Off Topic' started by Walter, Sep 13, 2010.

  1. Walter

    Walter Well-Known Member

    As I know that the OpenX advertising script (formerly known as phpAds) is pretty popular amongst forum admins, here is some bad news: there is a new exploit out there and there is currently no patch available from OpenX. There are first reports of compromises.

    The exploit is done via the Open Flash Chart 2 module (you can upload pretty much anything via ofc_upload_image.php). The only solution to prevent attacks is to delete admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php if you don't use the module (99% don't use it).

    There are many ways to use this exploit, but one sign is if you have a file in admin/plugins/videoReport/lib/tmp-upload-images - e.g. a small PHP shell script.

    The OpenX web site is currently down (probably flooded by admins).
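    An added example, not code from the thread or from OpenX, that turns the two checks above into a script: it reports whether ofc_upload_image.php is still present and lists anything in tmp-upload-images, then removes the uploader. The two relative paths are the ones named in the post; the OpenX root directory passed as the first argument is assumed.

```shell
#!/bin/sh
# Added example (not from the thread or OpenX): audit an OpenX install for the
# Open Flash Chart 2 uploader and for files dropped into its temp directory.
# The two relative paths are the ones named in the thread; $1 is the install root.

OFC_UPLOADER="admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php"
OFC_TMPDIR="admin/plugins/videoReport/lib/tmp-upload-images"

# Print findings; return 0 when neither the uploader nor any upload is present.
openx_check_ofc() {
    root="$1"
    status=0
    if [ -f "$root/$OFC_UPLOADER" ]; then
        echo "FOUND uploader: $root/$OFC_UPLOADER (delete it if the module is unused)"
        status=1
    fi
    if [ -d "$root/$OFC_TMPDIR" ] && [ -n "$(find "$root/$OFC_TMPDIR" -type f | head -n 1)" ]; then
        # Every file here was written by the uploader; a PHP file is the classic sign.
        find "$root/$OFC_TMPDIR" -type f | while read -r f; do
            case "$f" in
                *.php|*.phtml|*.php[0-9]) echo "SUSPICIOUS upload: $f" ;;
                *)                        echo "upload: $f" ;;
            esac
        done
        status=1
    fi
    return "$status"
}

# Remove the uploader; with a second argument, move it there (outside the web
# root) so a copy survives for later analysis instead of deleting it.
openx_remove_ofc_uploader() {
    root="$1"; keep="${2:-}"
    [ -f "$root/$OFC_UPLOADER" ] || return 0
    if [ -n "$keep" ]; then
        mkdir -p "$keep" && mv "$root/$OFC_UPLOADER" "$keep/"
    else
        rm -f "$root/$OFC_UPLOADER"
    fi
}

# Demo on a constructed tree standing in for an OpenX install.
demo=$(mktemp -d)
mkdir -p "$demo/$OFC_TMPDIR" "$demo/$(dirname "$OFC_UPLOADER")"
printf '<?php\n' > "$demo/$OFC_UPLOADER"
printf '<?php\n' > "$demo/$OFC_TMPDIR/dropped.php"   # constructed sample upload
openx_check_ofc "$demo" || echo "result: needs attention"
openx_remove_ofc_uploader "$demo"
rm -rf "$demo"
```

Run it as `sh check_ofc.sh` against a copy first; a non-zero exit from `openx_check_ofc` means the install still needs attention, and anything listed under tmp-upload-images belongs in the incident review before it is deleted.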
  2. Lawrence

    Lawrence Well-Known Member

    Thanks for the heads-up, Walter. :)
  3. Walter

    Walter Well-Known Member

    This warning was pretty expensive for me - I caught the script kiddies red-handed on my adserver.

    Now I have to clean up the garbage... :(
  4. Alice

    Alice Active Member

    I don't use ads, but thank you for letting us all know, that's very sweet of you.

    Alice x
  5. Tigratrus

    Tigratrus Well-Known Member


    1. Thank you for sharing the lesson learned! :) Sorry you found it the hard way though :(
    2. Can you clarify the paths involved? I'm not seeing /videoReport anywhere, is that a plugin you've added to your OpenX?

    We're a bit behind on OpenX upgrades, just checked and we're running 2.8.2, not sure if that explains the missing videoReport plugin...
  6. Walter

    Walter Well-Known Member

    That is a plugin installed as a standard in OpenX and AFAIK it's also in 2.8.2.
    Go to the directory admin/plugins/videoReport/lib/ofc2 and look for ofc_upload_image.php and delete it.
  7. Andy.N

    Andy.N Well-Known Member

    It's in 2.8.5 as well. Just deleted it. Thanks for the heads-up.
  8. Walter

    Walter Well-Known Member

  9. dutchbb

    dutchbb Well-Known Member

    Omg my site just got hacked last week, I upgraded and now this.

    That script seems to be as leaky as a sieve :s

    Thank you very much for this thread! *rushes to delete ofc_upload_image.php*
  10. Walter

    Walter Well-Known Member

    TBH, I'm getting tired of OpenX problems too - it's the second major problem in a short time and their way of handling these types of issues was very bad both times.
    But probably they invest more time in promoting their marketplace and doing silly PR releases like "we will attack Google with our marketplace".
  11. Floris

    Floris Guest

    Thank you for the heads up, I've mailed a few people I know that run it.
  12. ManagerJosh

    ManagerJosh Well-Known Member

    Does it affect version 2.8.6 ?
  13. dutchbb

    dutchbb Well-Known Member

    Yes it affects current versions.
  14. Walter

    Walter Well-Known Member

  15. Forsaken

    Forsaken Well-Known Member

  16. Walter

    Walter Well-Known Member

    What system do you use? I'm open for all suggestions...
  17. dutchbb

    dutchbb Well-Known Member

    I'd love to use a better alternative, but I don't think there is one (not with the same flexibility and definitely not for free).
  18. Walter

    Walter Well-Known Member

    I don't mind paying for software if it's maintained well.
  19. Curtis

    Curtis New Member

    Thank you, Walter. I have been trying to figure out this stinkin' issue now for a while. Every time I have upgraded, the problem kept happening. I figured my server had been compromised, so I ran rootkit scans etc... So just a few days ago I formatted my server, installed OpenX once again and Bamm! This morning around 8:30am I was attacked again. I figured the attacker was just good at hiding what he was doing... I was right. Thanks to you I now know how he is doing it. I would love to find a better adserver if one is out there.... Any suggestions? Like Walter, I don't mind paying for something if it is maintained well.

    btw... I got so tired of the attacks I emailed OpenX sales to see what a hosted solution would cost me, thinking that maybe if they were hosting it I would have fewer issues.. He gave me an example. If I were to have 300 million imps/mo it would cost me the low, low price of $4,150 per month... what the crap? Running my own server costs me around $5-600/mo. Talk about overpriced.

    Now I am sure I know why they aren't worried about securing the free version... if they can get us all to get tired of the attacks, they can bank on the hosted solution.

    Personally, I am ready for an adserver change!

  20. dutchbb

    dutchbb Well-Known Member

    Lol, what an outrageous price, even for big sites that can afford it. Yeah, that would explain why they do not care much about the free ad server.
