Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. Unfortunately no one from Revive has commented on this to confirm if it's just a edit to the database record of version, or that it hasn't fully migrated correctly. Still waiting for direction!
  3. Today
  4. Hi all, we are facing exactly the same issue. After following the update path to version 5.0.5 this message appears: Sie nutzen derzeit Revive Adserver v5.0.5 (warning: database is stamped as v4.2.1) laufend auf Apache, PHP 7.2.29-1+0~20200320.39+debian9~1.gbp513c2e und MySQL 5.5.5-10.1.44-MariaDB-0+deb9u1. Is editing the the value of oa_version in table rv_application_variable the appropiate workaround? Is the database migrated correctly? What else can we do to perform this upgrade? Please let us know if providing any data etc could help. Thanks in Advance, Jessica
  5. Yesterday
  6. Response to report about outdated Revive Adserver installations being compromised Summary A report about compromised Revive Adserver installations does not emphasize enough that these installations ran outdated versions of the software. We put a lot of effort into security updates. As part of that, we are about to introduce rewards for security researchers who report newly found vulnerabilities responsibly on HackerOne. We urge users to always update to the most recent version available. In more detail A few weeks ago, a company called Confiant posted a blog about some cases where they discovered Revive Adserver installations being compromised. Whoever was responsible for this then proceeded to insert malicious codes into existing ads. The malicious codes would redirect site visitors exposed to these compromised ads to sites that would then attempt to infect the visitor’s computer or perform other malicious actions. In their blog post, Confiant points to our Github project and – unfortunately – misspells our project name consistently. They describe the Revive Adserver project as “a huge PHP project that has been around for well over a decade.”. They also link to our webpage with past Security Advisories and our HackerOne program page. Next, Confiant is correct in stating (direct quote from their blog): This not to say that the Revive team doesn’t handle security issues well, but more to illustrate that this is a large project that has been around for many years and that there are many ad serving infrastructures out there that are based on dated versions of Revive. And that last part is where the crux in this matter lies: even though our project frequently releases updates of the Revive Adserver software, which anyone can download free of charge and install in a matter of minutes, there are still many individuals and organizations who continue to run outdated versions. This is – of course – not limited to just our software. Keeping the software being used for an online operation up to date is crucial, but that doesn’t mean that everyone puts in the effort all the time. As can be seen from our Security Advisories page and from our release history, we put a lot of effort into investigating any reported vulnerabilities, and into releasing security fixes for these as soon as is humanly possible. However, we can’t force the users of our software to update. Fortunately, many users do so anyway. At the time of this writing, almost 1,600 known installations of our software run the recent v5.0 x software. And more than 600 of those have been updated to the most recently published version v5.0.5, just a few weeks after it was released. For good measure: both v5.0.5 and v5.0.4 contain some security fixes, and these were all for very minor issues that are completely unrelated to the larger problem that Confiant refers to. And Confiant even adds: “For context, Tag Barnakle have compromised ~60 ad servers in total.”. So, in the context of literally thousands of known installations, the number of compromised installations is relatively small. Of course, even just one compromised installation is one too many. Contrary to what Confiant writes, this is not a new problem. The practice of attacking and compromising outdated installations of ad server software has been around for as long as ad servers have been in existence. That’s because an ad server is a very attractive environment for criminals, since it enables them to very easily reach a large audience. In that sense, creators of malware are not that different from regular advertisers. Confiant does not give any detail about how the compromised installations were attacked. We assume however, that these attackers simply use the well published attack vectors to get into outdated installations. People and organizations running outdated versions with known security vulnerabilities are in fact responsible for the issues they face. We do our very best to inform our users as soon as a new version is available. We have a free mailing list to inform subscribers about new releases. The software displays a message inside the user interface, informing system administrators about new releases. We post updates on our blog, on the community forums, on Twitter and on Facebook. But then the users themselves will have to take action and spend a little time to actually perform an update. We continue to take the security of our software extremely seriously. And we’re literally putting our money where our mouth is. Later this year, we will enhance our existing HackerOne program, offering rewards to security researchers who report new vulnerabilities to us, obviously, in a responsible manner. We will investigate any report we receive and we will release security updates if and when necessary. Meanwhile, we urge our users to always update their installations to the most recent version of the Revive Adserver software. It was, is, and continues to be a free download, so there’s no reason to delay updating for financial reasons. Don’t want to update yourself? Alternatively, if you don’t want to spend any time on keeping the software up to date, we also have a Hosted edition that you can subscribe to. This is a Software-as-a-Service offering that uses the exact same software, and that will always be kept up to date with the most recent version. All you have to do is subscribe, log in and use it. The post Response to report about outdated Revive Adserver installations being compromised appeared first on Revive Adserver. View the full article
  7. Last week
  8. Earlier
  9. It seems to me, that the pagination on this boards message listings is broken. Could you fix that?
  10. From what I'm aware, we use zones and the invocation code for it. I haven't heard of Direct Selection and whenever I search it up, it says it's supposed to be deprecated or that you can't use it together with zones. So what is it and why does it still show up in traffic reports? Thanks!
  11. Hello, I have figured out that if I change from "Asyncronous JS Tag" type of banner invocation to "Javascript Tag" type of banner invocation, my local ads (i.e. the banner images I have on "machine1") load ok. However, the Google Adsense and the Bing banners do not display. Where do I look for errors? Thanks and regards, Neil.
  12. it's hard to help you with the information you've supplied. do you have any clue why the ads do not display? do you get an error?
  13. Hello - I have had Revive Adserver working find for many years. I have a main Ubuntu server which runs Revive Adserver and several other domains running on a second Ubuntu server. Everything ws working fine until recently. Now the ads do not display on any of the domains on the second Ubuntu server. (The ads still serve ok on domains running on the first Ubuntu server.) I also configured SSL on the Revive Adserver but I don't know if this is what has caused the problem. i.e. machine1 - Revive Adserver - domainA, domainB, domainC machine2 - domainD, domainE, domainF, domainG ---> Revive Adserver on "machine1" serves domains on "machine1" and "machine2". Does anyone know what I can do to get the ads working again on both Ubuntu servers from the same Revive Adserver installation? Regards, Neil.
  14. Hi Team, We have the huge number of statistics data.We would like to have remove some statistical data from current statistics table and but we would like to see the statistics whenever we required old data.Shall we migrate data from another database and show from there?Can you suggest some standard solution?
  15. Hi, I solved my problem. As I migrated the data by myself, the id sequence (postgres) were out of sync. So, when trying to write in rv_data_summary_ad_hourly, it was trying to write to an ID that already exists. To fix that, I set the rv_data_summary_ad_hourly_data_summary_ad_hourly_id_seq manually: BEGIN; -- protect against concurrent inserts while you update the counter LOCK TABLE rv_data_summary_ad_hourly IN EXCLUSIVE MODE; -- Update the sequence SELECT setval( 'rv_data_summary_ad_hourly_data_summary_ad_hourly_id_seq', COALESCE((SELECT MAX(data_summary_ad_hourly_id)+1 FROM rv_data_summary_ad_hourly), 1), false ); COMMIT;
  16. Hello, I am new to Revive and I am probably doing something terribly wrong. I had Revive in a very old server and I needed to transfer it to a new server, with updated php, database and revive version. So I decided to manually copy only the revive data, but excluding configuration data. Everything is working well, except by the statistics. All the statistics from before the export are working fine. But after that date, the new statistics are not showing up. Querying `SELECT * FROM rv_data_bkt_m order by interval_start desc` I noticed that when new-hour-statistics are inserted, the hour-before-statistics are deleted. For example, when interval_start is "2020-05-19 11:00:00", all data with "2020-05-19 10:00:00" is deleted from that table. Is that correct? Thank you, Matheus
  17. Is there an option to force Revive to generate the URLs in the iframe invocation tags using either "https://" or just "//"? The site they'll be served on is served over https, but currently the iframe invocation tags hardcode "http://" and the only solution I could see was editing each URL by hand. Is there an option/config that I'm missing? thanks
  18. Hello Guys, I have problem, my banner not appear to the website. This is the code. <!-- Revive Adserver Asynchronous JS Tag - Generated with Revive Adserver v5.0.5 --> <ins data-revive-zoneid="1" data-revive-id="7eb46a171fbf386b6ef7f6791cd1cde4"></ins> <script async src="//hikmah-ads.com/openx/www/delivery/asyncjs.php"></script> may i have wrong configurations? Please Help, Thank You,
  19. Hi, we are considering to change to Revive AdServer due to GDPR issues here in germany. We are loosing user range with our banners, because of the cookie consent banner. Revive seems perfect to our needs and i am really happy with the performance and usability of this adserver, but the do or die question is how to use it without any cookie, even the OAID cookie. As i understand it, this cookie isn't needed by the core and is only used for counting returning visitors. So ist there any possibility to really deactivating it? We are totally aware about what a cookie free configuration could cause to the quality of data, but getting rid of the cookie consent banner is worth it.
  20. Chrome states that options should be SameSite=None Secure Error A cookie associated with a cross-site resource at http://example.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
  21. I am having this issue with 5.0.5
  22. The right answer is about the proto http header as in
  23. Hi Revive team! I have remnant campaigns running with a weekly schedule, but once in a while I do big sales for 24/7. I tried to have these big sales appear in the game, instead of the normal weekly schedule, by setting up the banners in an override campaign, but the banners from the remnant campaign keep showing. I used to deactivate the remnant banners whenever I had a big sale, so I ensured that it would show (reactivate again later), but it cost me too much time, so that is why I tried it like this. What am I doing wrong?
  24. @Maki, mate, really? There error is right there on the page, telling you what the software is having an issue with. It might not make sense, but please, go back, take another look, and confirm your setup.
  25. I don't think that is the error because I have been using mysqli extension even in the old database. What I need now is how to edit the database config file to connect to a database which is outside the application server because I tried connecting to a new database which is hosted separately and I got the above error page.
  26. "PHP has not loaded the mysqli extension" - is that the one?
  27. Thanks solved my issue. The language pack files are found in lib/max/language folder in case anyone has an issue finding them.
  1. Load more activity


×
×
  • Create New...