• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Warning: OpenX backdoor (is your adserver compromised?)


Well-known member
As I know that the OpenX advertising script is pretty popular amongst forum admins:

Juergen Schmidt from Heise.de has detected that OpenX 2.8.10 contains a backdoor (!). OpenX today has released a new version 2.8.11 that is fixed:

How to upgrade your installation:

How to secure your installation:
(but of course that doesn't help anything against a backdoor in the ZIPs you download from the original website sigh)

How to detect if your system contains the backdoor:
find . -name \*.js -exec grep -l '<?php' {} \;
to look for a Javascript file. If the file contains something like
this.each(function(){l=flashembed(this,k,j)}<?php /*if(e)
*/$j='ex'./**/'plode'; /* if(this.className ...
you have found the backdoor.

But in any case, upgrade to 2.8.11!


Well-known member
Glad I read your earlier threads about OpenX and learned about Google DoubleClick so I don't have to worry about this **** anymore.
Last edited by a moderator:


Well-known member
Same here. I read Walter posts years ago about openx exploits when i still using the system. I moved to dfp soon after that.
Surprised he still puts up with that software