1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Warning: OpenX backdoor (is your adserver compromised?)

Discussion in 'Off Topic' started by Walter, Aug 8, 2013.

  1. Walter

    Walter Well-Known Member

    As I know that the OpenX advertising script is pretty popular amongst forum admins:

    Juergen Schmidt from Heise.de has detected that OpenX 2.8.10 contains a backdoor (!). OpenX today has released a new version 2.8.11 that is fixed:

    How to upgrade your installation:

    How to secure your installation:
    (but of course that doesn't help anything against a backdoor in the ZIPs you download from the original website sigh)

    How to detect if your system contains the backdoor:
    find . -name \*.js -exec grep -l '<?php' {} \;
    to look for a Javascript file. If the file contains something like
    this.each(function(){l=flashembed(this,k,j)}<?php /*if(e)
    */$j='ex'./**/'plode'; /* if(this.className ...
    you have found the backdoor.

    But in any case, upgrade to 2.8.11!
  2. dutchbb

    dutchbb Well-Known Member

    Glad I read your earlier threads about OpenX and learned about Google DoubleClick so I don't have to worry about this **** anymore.
    Last edited by a moderator: Aug 8, 2013
    HWS likes this.
  3. Andy.N

    Andy.N Well-Known Member

    Same here. I read Walter posts years ago about openx exploits when i still using the system. I moved to dfp soon after that.
    Surprised he still puts up with that software
  4. HWS

    HWS Well-Known Member

    Using Openx is suicide for your business. This is simply a non secure software.
    Forsaken likes this.

Share This Page