Warning: new OpenX exploit

Someone has downloaded the new version, the only thing they did change was to delete the one file - exactly the same as I suggested.
 
I downloaded 2.8.7 as well.
Got errors after upgrading but it seems ok for now.
All the banners seem fine.

I got a bunch of errors like this
Failed to find package definition file /public_html/openx/plugins/etc/openXVideoAds.xml
Failed to find package definition file /public_html/openx/plugins/etc/openXVideoAds.xml
 
Having the openx directory accessible only from preselected IP(s) and serving the banners through the PHP method should protect against almost everything, I suppose.
 
What bothers me most is that they didn't send an e-mail to registered users in their database, just letting everyone know that way which file to delete would have been enough. Instead they crash their own servers by releasing a 'new version' with the file deleted? That makes no sense. It's like IB has taken over OpenX too.
 

Their development team hasn't been one of the brightest honestly. I've complained about their upgrade process as it attempts to do too much in too short of a time. I've even left a recommendation or two, only to have it deleted a few days later.

Sadly, by far, they do have the best ad server application out there, in both the free and paid areas.
 
OpenX has been renamed to something else. I'm just tired of it and have started looking elsewhere for a lightweight replacement that has tracking and can be used sitewide.
 
What system do you use? I'm open for all suggestions...

What about DoubleClick for Publishers (DFP) Small Business as alternative?

Or if you are big enough apply for DART for Publishers

It took me some time to figure it out but after that it works ok.
I stopped using OpenX because the JS slowed down my webpages loading time.
Google's computing power makes DFP a lot faster than OpenX on my dedicated box.

By the way Walter, are you by any chance running the forumfactory?
 
You linked to a German language version.

I'll be interested in hearing about proof that OpenX JS slows down your page. Aren't other systems using JS to deliver as well? And I believe OpenX has several delivery methods.

Do you have a side by side comparison between OpenX and DFP?
Or guide on how you set up your system?
 
First I used OpenX for over 3 years to serve Ads on all my webprojects,
but after the Google caffeine update when speed came into play I worked a lot on
my forums tuning them with pagespeed and yslow as best as I could.

Webmaster Tools showed a very high page loading time for my major forum.
After that I decided to get rid of OpenX and put the AdSense Codes directly into my Website.
This decreased the page loading speed quite a bit.

Direct sales of my inventory is done by my direct marketer which uses Google's DART for Publishers.

I had a complex structure set up in openX using a waterfall structure to serve my Ads.
I used the javascript implementation method to serve Ads because others would not work on my forums
or I was too lazy to work out a different solution.

Just recently I migrated to DFP SB (see at the top right there is a language switch by the way ;)) because
I needed to run split tests again.

Took me about 2 days to comprehend the architecture of DFP and how it works but after that it worked fine.
Can't say that I notice any loading speed changes on my websites but webmaster tools will tell in about a month.
 
As I know that the OpenX advertising script (formerly known as phpAds) is pretty popular amongst forum admins, here is some bad news: There is a new exploit out there and there is currently no patch available from OpenX. There are first reports of compromises.

The exploit is done via the Open Flash Chart 2 module (you can upload pretty much anything via ofc_upload_image.php). The only solution to prevent attacks is to delete admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php if you don't use the module (99% don't use it).

There are many ways to use this exploit but one sign is if you have a file in admin/plugins/videoReport/lib/tmp-upload-images - e.g. a small shell code php script.

The OpenX web site is currently down (probably flooded by admins).

Any idea when that file got added? I'm on 2.8.1 and the ofc_upload_image.php script doesn't appear to be there.
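
The two checks from the warning post above (is ofc_upload_image.php still present, and has anything landed in tmp-upload-images), as an added shell example that is not part of the original thread. The base directory argument is an assumption: pass whichever directory contains admin/ on your install.

```shell
#!/bin/sh
# Added example: audit an OpenX tree for the two conditions named in the warning.
# The relative paths are the ones quoted in the post; BASE (the directory they
# are relative to) is an assumption supplied by the caller.

UPLOAD_SCRIPT="admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php"
UPLOAD_DIR="admin/plugins/videoReport/lib/tmp-upload-images"

# openx_ofc_audit BASE
# Prints findings and returns a bitmask:
#   0 = neither condition found
#   1 = upload script still present (delete it if the module is unused)
#   2 = files found in the upload directory (review them)
#   3 = both
openx_ofc_audit() {
    base=$1
    status=0

    if [ -e "$base/$UPLOAD_SCRIPT" ]; then
        echo "EXPOSED: $base/$UPLOAD_SCRIPT is present"
        status=$((status | 1))
    fi

    if [ -d "$base/$UPLOAD_DIR" ]; then
        # Any regular file here deserves a look; list with owner and mtime
        found=$(find "$base/$UPLOAD_DIR" -type f -print)
        if [ -n "$found" ]; then
            echo "REVIEW: files in $base/$UPLOAD_DIR:"
            echo "$found" | while IFS= read -r f; do
                ls -l "$f"
            done
            status=$((status | 2))
        fi
    fi

    [ "$status" -eq 0 ] && echo "OK: neither condition found under $base"
    return "$status"
}

# Run against a directory when one is given on the command line
if [ "$#" -gt 0 ]; then
    openx_ofc_audit "$1"
fi
```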
 
Anyone able to get Google DFP debug command to work in XenForo?

I keep getting a requested page not found error.
 
It works fine on my site (XF and WP) with the debug command. I just follow their instruction. Make sure when you generate the code to add to your site, select the right option.
 

