Jump to content

eLiX

Approved members
  • Content Count

    6
  • Joined

  • Last visited

About eLiX

  • Rank
    Newbie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Is there a default user with the username "maintenance" and the email address "support @ revive-adserver.com" with the user_id 999? Checking our database for a possible hack we found this user account and don't really know what this is, but I expect this user to be fake. date_created and date_last_login were both NULL.
  2. So that means, that upgrading to revive likely did not solve my problem then ... In case I am reinstalling the revive adserver completely blank on a totally different server under a different domain - how can I safely import our data to the new system? Do I need to copy&paste every banner by hand to be sure, that there is no malicious code or anything else into it?
  3. Ok, we made a second installation in a different folder with a blank revive adserver 3.2.4 and followed the instructions here https://www.revive-adserver.com/support/upgrading/. In the old OpenX we removed the injected code from the ox_zones tables and a user with the userid 999 with admin rights named "Maintenance" and then we copied the database, because it seemed to be clean then. I followed the instructions from here: http://www.adserveropenx.com/how-to-remove-malware-or-injection-from-openx/ Anything wrong in this procedure? I thought, that will do the job. Passwords were all changed, I'll htaccess the api - folder too now. I removed the file adxmlrpc.php from the root folder to "disable" XML-RPC - is there a better way to disable this than removing the file? Thanks for your hints and tips!
  4. Sure, as I said before: We updated the system to the latest revive version :). But the cache file hack is/was still active...
  5. Hello dJAX, thank you for your reply. Our sysadmin will not provide any login information to unknown people, sorry ;). Our admin area is protected by .htaccess. I am very interested into the attack vector of the scenario the topic owner posted to prevent further modifications.
  6. I know, that this is an old topic, but we are facing the almost same problem right now. After being hacked in the old OpenX version 2.8.x we updated to the latest Revive version 3.2.4 and the compromised database kept clean since then. But the hackers are now using the way like described from the topic opener. I found malicious code into the /plugins/deliveryCacheStore/oxCacheFile/oxCacheFile.delivery.php and a fake cache file under /var/cache/deliverycache_aaq22kik12944a6de781d37d3g0fd972nac6a9.php, which included a link to the hidden iframes, which were injected for Internet Explorers. So I googled and found this: http://www.malekal.com/en-openx-hacks-example-malvertising/ which describes almost the same issue - but I don't know how to fix the entry point right now? Can anyone help?
×
×
  • Create New...