Walter
Well-known member
As I know that the OpenX advertising script is pretty popular amongst forum admins:
Juergen Schmidt from Heise.de has detected that OpenX 2.8.10 contains a backdoor (!). OpenX today has released a new version 2.8.11 that is fixed:
http://forum.openx.org/index.php?showtopic=503521628
How to upgrade your installation:
http://www.openx.com/docs/upgrading-openx
How to secure your installation:
http://blog.openx.org/09/security-update-how-to-secure-your-openx-installation/
(but of course that doesn't help anything against a backdoor in the ZIPs you download from the original website sigh)
How to detect if your system contains the backdoor:
Use
to look for a Javascript file. If the file contains something like
you have found the backdoor.
But in any case, upgrade to 2.8.11!
Juergen Schmidt from Heise.de has detected that OpenX 2.8.10 contains a backdoor (!). OpenX today has released a new version 2.8.11 that is fixed:
http://forum.openx.org/index.php?showtopic=503521628
How to upgrade your installation:
http://www.openx.com/docs/upgrading-openx
How to secure your installation:
http://blog.openx.org/09/security-update-how-to-secure-your-openx-installation/
(but of course that doesn't help anything against a backdoor in the ZIPs you download from the original website sigh)
How to detect if your system contains the backdoor:
Use
Code:
find . -name \*.js -exec grep -l '<?php' {} \;
Code:
this.each(function(){l=flashembed(this,k,j)}<?php /*if(e)
{jQuery.tools=jQuery.tools||{version:
{}};jQuery.tools.version.flashembed='1.0.2';
*/$j='ex'./**/'plode'; /* if(this.className ...But in any case, upgrade to 2.8.11!
