Jump to content

stapel_eliz

Approved members
  • Posts

    40
  • Joined

  • Last visited

Posts posted by stapel_eliz

  1. 1) I (finally) got around to updating Revive from 2016's 5.0.4 to 2021's 5.3.0. I did the update through cPanel's Softaculous package. It did the update successfully, but didn't seem to *know* that it had done the update, as it reported that I was still running 5.0.4. When I asked it then to do the update again, it checked and then "noticed" (?) that the version was indeed 5.3.0. The "installation" date remained from 2016. Today, I used Softaculous (which was still showing the version as being 5.0.4) to update from 5.3.0 to 5.3.1. The update went through correctly, and Softaculous has updated the version to show 5.3.1. However, the install date from 2016 remains. Ideas?

    2) When I log into Revive, I am immediately taken to the Admin's Configuration => Maintenance => Security page, where I find the following warning:


    Some directories in the Revive Adserver package are not supposed to be served by your webserver directly, for security reasons. Leaving such files and directories accessible might disclose unwanted information and pose a security threat. A quick security check has been run and you will find the results below.
         
       Your browser was able to fetch some files that should not be accessible. For example:

        var/INSTALLED
        var/cache/README.txt
        etc/database_action.xml
        plugins/etc/openXDeliveryLog.xml

       Click here to find more information on how to secure your installation.

    When I click on the "more information" link, I am taken to:

     * https://www.revive-adserver.com/how-to/secure-your-installation/

    My Apache server *does* allow .htaccess files, so the above page kinda reads like I shouldn't need to do anything. But I tried adding the specified language anyway:

       <Directory /home/username/public_html/revive_directory>
        AllowOverride AuthConfig Limit
       </Directory>

    This immediately started generating loads of server errors. So I removed the language, and am now stuck with the Security "warnings". Another user has even tried deleting the README file, but still gets the error message about it. (See thread below.)

    In my case, the INSTALLED file is empty, so I fail to see what "risk" it could pose...?

    Are these files, and their possible accessibility, *really* an issue? If so, will somebody from Revive please provide a working fix, or at least reply with an explanation?

    Thank you!

    Eliz. Stapel

  2. On 10/12/2021 at 6:57 AM, PeteSE4 said:

    Default page after login takes me to the security maintenance page complaining the browser can fetch files it shouldn't, for example var/cache/README.txt. I've tried using .htaccess and even deleted the README.txt file, yet the warning still keeps popping up. Any ideas?

    I am seeing the same error messages. My Apache server allows .htaccess files, so I shouldn't have needed to do anything, according to this page:

    * https://www.revive-adserver.com/how-to/secure-your-installation/

    But, upon receiving the error messages within Revive, I added the "AllowOverride AuthConfig Limit" language to each of the .htaccess files. This causes loads of server errors immediately to be generated, so I removed the language. Revive's security notice then returned.

    Given the choice between (a) the server being unhappy and (b) Revive having quibbles, I'll chose the server every time.

    Since the files' non-existence (after you made your deletions) is not sufficient to "fix" the Security check within Revive, and since nobody here seems to have an answer, you may just have to tell your user that it's a known error, you hope it'll be fixed soon, and he can ignore it.

    Good luck!

    Eliz.

  3. 440music: I've looked in my configuration file, and I can't find any database-version information in it.

    michems: I had updated from 5.0.4 to 5.3.0 thru cPanel's Softaculous package, and it continued, after updating, to think I was running 5.0.4. But when I asked it to update (again), it "noticed" that I was really running 5.3.0. However, the date of installation remained from back in 2016. Today, I've updated from 5.3.0 to 5.3.1 thru Softaculous. The package now agrees that the version is 5.3.1; however, the installation date remains 2016. I have no idea how one might go about fixing this.

  4. Dang. When I saw your subject line in response to my search, I was hopeful of an answer, and possibly even a solution. I guess not, huh?

    If I figure anything out (a big "if", as I'm not that bright sometimes), I'll try to remember to post a follow-up here.

    ==============================

    Edit: Is this (below) maybe the answer we're looking for...?

     

     

  5. When I had no targeting rules for the banners, the ads did serve, according to the displayed statistics. With the targeting rules in place, nothing has served.

    Unfortunately, I can find next to no information on "correctly" setting up the targeting. (For instance, I had to figure out for myself that a longitude of "80 degrees W" should be formatted as "-80".)

    I am using Revive 5.0.4. I had to figure out how to install the MaxMind geo-targeting myself, since it did not install automatically. (There was nothing in the /var/plugins/rvMaxMindGeoIP2/ directory but a "*.lock" file.)

    According to the GitHub repository, the "plugins_repo" folder is specifically related to the MaxMind geo-targeting.

    Update: I have also tried using ZIP codes for the particular area, using "OR" connectors, and still no joy.

    Thank you!

    Eliz.

  6. I've upgraded to version 5.0.4, and am attempting to use geo-targeting. I'm trying to use longitude and latitude for the targeting. I'm pretty sure I have set up the MaxMind ASN, City, and Country databases correctly (Revive shows the geo-targeting options as available.)

    However, using a proxy server, I cannot seem to get the geo-targeted ad to display, so I'm wondering if I actually have things set up correctly. When I look at GitHub and at various forum posts, I see that geo-targeting might need the "plugins_repo" directory. My installation doesn't have this.

    Advice?

    Thank you!

    Eliz.

  7. The problem turned out to be that my server host hadn't actually updated PHP from version 5-point-somthing, despite my request that they do so (and assurances that they had). When Revive did the update (via cPanel's Softaculous), it asked if it could update the version of PHP but, though I'd said "yes", the update didn't apparently go through.

    The solution was to do the update myself.

    Thank you!

    Eliz.

  8. When I log into my Revive dashboard, I can check the various advertiser accounts that have been set up. When I do so, I am able to view the linked zones and any delivery limitations.

    Today, I logged into a new advertiser account (on v4.2.1), and realized that the advertiser does not have access to this information.

    Is this how the client accounts are supposed to be, or have I messed something up?

    Thank you!

    Eliz.

  9. Since updating my installation recently, I've been seeing error messages. According to the current installation (while in "Admin" mode):

    You are currently using Revive Adserver v4.2.1 running on Apache 2.4.39, PHP 7.0.33 and MySQL 5.6.44-.

    When I open an "inventory" account (in "manager" mode), I see the following message:

     

    MESSAGE: Declaration of OA_Admin_UI_Rule_Min::validate($value, $min) should be compatible with HTML_QuickForm_Rule::validate($value)

    TYPE: Warning
    FILE: /home/purple04/public_html/mathads/lib/OA/Admin/UI/component/rule/Min.php
    LINE: 41
    DEBUG INFO:

    36 function getValidationScript($options = null)
    37 {
    38 return array('', ""); //return nothing, we use JQuery validate anyway
    39 }
    40

    41 }


    42 ?>
    43
    44
    45
    46

    According to the debug log (with the domain's server account being anonymized as "domain"):

    RV-5d4db179922a2 [  warning] 
     Declaration of OA_Admin_UI_Rule_Min::validate($value, $min) should be compatible with HTML_QuickForm_Rule::validate($value)
     on line 113 of &quot;/home/domain/public_html/adserver/lib/max/ErrorHandler.php&quot;
     on line 125 of &quot;/home/domain/public_html/adserver/lib/pear/HTML/QuickForm/RuleRegistry.php&quot;
     on line 125 of &quot;/home/domain/public_html/adserver/lib/pear/HTML/QuickForm/RuleRegistry.php&quot;
     on line 174 of &quot;/home/domain/public_html/adserver/lib/pear/HTML/QuickForm/RuleRegistry.php&quot;
     on line 1797 of &quot;/home/domain/public_html/adserver/lib/pear/HTML/QuickForm.php&quot;
     on line 194 of &quot;/home/domain/public_html/adserver/lib/pear/HTML/QuickForm/Renderer/Array.php&quot;
     on line 40 of &quot;/home/domain/public_html/adserver/lib/OA/Admin/UI/component/ArrayRenderer.php&quot;
     on line 1675 of &quot;/home/domain/public_html/adserver/lib/pear/HTML/QuickForm.php&quot;
     on line 300 of &quot;/home/domain/public_html/adserver/lib/OA/Admin/UI/component/Form.php&quot;
     on line 307 of &quot;/home/domain/public_html/adserver/lib/OA/Admin/UI/component/Form.php&quot;
     on line 245 of &quot;/home/domain/public_html/adserver/www/admin/advertiser-edit.php&quot;
     on line 88 of &quot;/home/domain/public_html/adserver/www/admin/advertiser-edit.php&quot;

    The lines in the "warning" are always the same, but they're not occurring continuously, so not every ad impression is generating errors... I think...

    Any ideas? I don't know if it matters, but I did the update via cPanel's "Softaculous" utility. And ads are indeed being served and logged.

    Thank you!

    Eliz.

    Edit: In poking around GitHub, I see that many files were updated "14 days ago". Does this mean there is a newer version of Revive?

    https://github.com/revive-adserver/revive-adserver

       
  10. I may have found a fix, and it involves editing the "async.js" file. I am NOT a coder, so USE AT YOUR OWN RISK!

    In the "development" folder at the github page for Revive, the "www/delivery_dev/async.js" file contains the following:

    74                /**
    75                 * The start event handler. Delivery can be prevented by setting e.detail.start = false.
    76                 *
    77                 * @param {CustomEvent} e
    78                 */
    79                start: function (e)
    80                {
    81                    if (e.detail && e.detail.hasOwnProperty('start') && !e.detail.start) {
    82                        return;
    83                    }
    84
    85                rv.removeEventListener('start', rv.start);
    86
    87                rv.dispatchEvent('refresh');
    88                },

    I took the comment to heart, and decided to copy my Javascript (which was functioning correctly in reading the GDPR cookie value) into the "async.js" file.

    Note: In the actual "async.js" file, everything is in one line, rather than nicely broken up so as to be easily read. For testing, I first inserted my coding without stripping all of the empty spaces, line returns, etc.

    So my new "start: function (e)" looks like this:

                        start:function(g){
                        // Begin my custom coding for reading the cookie value
                        var CB_value, CB_consent, cb2ox;
                        if (document.cookie.split(';').filter(function(item){return item.indexOf('CookieConsent=') >= 0}).length){
                            function getCBval(cname) {
                                var name = cname + "=";
                                var decodedCookie = decodeURIComponent(document.cookie);
                                var ca = decodedCookie.split(';');
                                for(var i = 0; i <ca.length; i++) {
                                    var c = ca;
                                    while (c.charAt(0) == ' ') {
                                        c = c.substring(1);
                                    }
                                    if (c.indexOf(name) == 0) {
                                    return c.substring(name.length, c.length);
                                    }
                                }
                            }
                            var CBval = getCBval("CookieConsent");
                            if (CBval == '0'){
                                CB_value = 0;
                                CB_consent = false;
                            }
                            else{
                                CB_split = CBval.split(",");
                                CB_array = new Array();
                                for(i=0;i<=5;i++){
                                    CB_array = CB_split;
                                }
                                CB_value = CB_array[4];
                                if (CB_value == "marketing:true"){
                                    CB_consent = true;
                                }
                                else{     
                                    CB_consent = false;
                                }
                            }
                        }
                        else{
                        CB_consent = false;
                        }
                        cb2ox = CB_consent.toString();
                        // End of my custom coding for reading the cookie value
                        
                        // Added "or cb2ox = 'false'" to "if" statement
                        // "if" was "(g.detail&&g.detail.hasOwnProperty("start")&&!g.detail.start)"
                        // I added an extra set of parentheses around the "if" condition
                        // Then I added "||(cb2ox=="false")" inside the "if" condition, after the original condition

                        if((g.detail&&g.detail.hasOwnProperty("start")&&!g.detail.start)||(cb2ox=="false")){
                            return
                        }
                        f.removeEventListener("start",f.start);
                        f.dispatchEvent("refresh")
                    },

    In the above, I've included comments delineating my cookie coding, and also the addition in the "if" statement.

    I have tested the above script in each of Firefox and Internet Explorer, and it appears to work. My cookie script determines if the current website visitor has selected "true" or "false" for accepting "marketing" cookies (this information being available in the "CookieConsent" cookie). If the user has elected NOT to accept marketing cookies (so ads should not display, and the "cb2ox" variable reads "false") or if the user is seeing the GDPR screen for the first time (so GDPR regs require that no cookies be set - yet), then nothing is displayed for any of my Revive "zones".

    Phew!

    Eliz.

  11. I realize that your post is nearly a year old, but would you be able to clarify what you did? For instance, my "db_schema.ini" file looks pretty vanilla, with the "zones" section containing this:

    [zones]
    zoneid = 129
    affiliateid = 1
    zonename = 130
    description = 130
    delivery = 129
    zonetype = 129
    category = 162
    width = 129
    height = 129
    ad_selection = 162
    chain = 162
    prepend = 162
    append = 162
    appendtype = 129
    forceappend = 2
    inventory_forecast_type = 129
    comments = 34
    cost = 1
    cost_type = 1
    cost_variable_id = 2
    technology_cost = 1
    technology_cost_type = 1
    updated = 142
    block = 129
    capping = 129
    session_capping = 129
    what = 162
    rate = 1
    pricing = 130
    oac_category_id = 1
    ext_adselection = 2
    show_capped_no_cookie = 129

    I see nothing that might be particular to my installation, and I have no idea what is the "meaning" of "newZoneField = 2", and would appreciate clarification, as it may assist in an issue I'm facing.

    Thank you!

    Eliz.

  12. I am trying to coordinate between a GDPR cookie-setting script and Revive.

    The cookie-setting script starts out as "false" (so no cookies are supposed to be set) and asks the user to pick the user's "level" of cookies ("necessary", "preferences", "statistics", and "marketing"). The script then sets a cookie as either a "0" (meaning "opts out of everything non-necessary") or else as a more standard type cookie (containing something along the lines of "necessary:true,preferences:[value],statistics:[value],marketing:[value]", where [value] is "true" or "false"). For the purposes of discussion, let's call the cookie "CB".

    I have figured out how to have a Javascript check CB, and return either "true" for marketing, or else "false", writing this value (as a string) into a global variable "cb2ox" (for "converting CB's "marketing" value to an OpenX tag value"). I have figured out how to have another Javascript add "data-revive-cb2ox=[value of cb2ox]" to the "ins" tag in the HTML of a given webpage. (That is, if you view the DOM for the page, the new name-value pair is displayed within the "ins" tag.)

    I've done this scripting set-up on a page that I'm using for testing.

    I have set a Delivery Rule (that is, "Only display this banner when:") as:

    "(Site-PageURL DoesNotContain [testing page's URL]) OR (Site-Variable cb2ox Contains true)"

    If I'm understanding the Rule correctly, this means that ads will be displayed in the customary way on all pages other than [testing page's URL]. However, when the URL is [testing page's URL], the other rule should be checked; that is, the value of "data-revive-cb2ox" should be checked and, if NOT "true", then no ads should display.

    However, ads are still displaying. So clearly I'm doing something wrong. There is no documentation for "Site - Variable", so the error may lie there. Or maybe I've got the Delivery Rule set up wrong. Either way, I'd appreciate advice, instruction, links,... commiseration, sympathy,... whatever....

    Thank you!

    Eliz.

  13. Within the /www/delivery/ directory, I note the following files:

    core.13871   248,520,704   12/13/2015  -rw-------
    core.17991   247,996,416   12/24/2015  -rw-------
    core.2044    248,246,272   11/12/2015  -rw-------
    core.24385   249,286,656   01/09/2016  -rw-------
    core.27415   248,008,704   07/18/2015  -rw-------
    core.31189   247,980,032   08/10/2015  -rw-------

    What are these? More to the point, do I need them? If so, do I need all of them, or only the most recent one? If not, may I delete them?

    Thank you.

    Eliz.

  14. Is there any plugin that would allow end users on my site to click a "report this ad" link, so I would get an e-mail telling me exactly which ad was problemmatic? (Or, if this is a separate scripting thing, or a third-party service, does anybody have a URL they could recommend?)

     

    Thank you!

     

    Eliz.

  15. I have been advised to change the password on my SQL database, in hopes of securing it (in case the hacker managed to snag that information). However, I can't seem to get the password to update.

     

    I've gone into phpMyAdmin inside my cPanel, and tried setting a new password. Then I changed the password in the config.php file. But I can't log in with the new password; however, the old password continues to work.

     

    I've tried setting up a new user with a new password, while removing the old user. After updating the config file, I couldn't log in with the new info, but I could still log in with the old info. I tried deleting the old user completely. After updating the config file, I still couldn't log in with the new info, but I could still log in with the old info.

     

    I tried importing the old database into a new database (with a new name), and creating a new user with a new password for the new database. After updating the config file, I couldn't log in with the new info, but I could still log in with the old info.

     

    What the frick am I doing wrong?

     

    Thank you.

     

    Eliz.

  16. Today, I discovered another hack of my adserver. I'd had version 3.1, with the usual precautions, file permissions, etc.

     

    The new hack appended a Javascript to the text in the "htmlcache" field. There was nothing in the "append" or "prepend" fields. The script was tacked onto the intended text. It put an iframe (calling an undesired URL) at an absolute position, did something with cookies (?), and then put another absolute-position iframe with another undesired different URL.

     

    I've forwarded specific details to the proper e-mail address for this issue; I haven't yet heard back. I have been unable to locate any other instances of this particular hack, either here on through Google in general. I know that details, etc, are not to be posted here, but I wanted to post something, so people would be aware of the issue.

     

    If you've got unintended ads being served up on your site, and if you can't find anything in the "prepend" or "append" fields, check in "banners" for coding in "htmlcache" that doesn't match what you'd intended.

     

    Eliz.

×
×
  • Create New...