Jump to content

jacopotediosi

Approved members
  • Content Count

    2
  • Joined

  • Last visited

About jacopotediosi

  • Rank
    Newbie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Good morning to all I'm currently having the same problem with my Revive Adserver installation updated at the last version (4.1.4). Someone makes POST requests to /www/delivery/fc.php?zoneid=0&script=bannerTypeText:oxText:genericText&Charset=UTF8&target=blank and is able to adds code to plugins/bannerTypeText/oxText/genericText.delivery.php and to upload backdoor php scripts inside /www/images/ I temporarily solved disabling PHP Engine inside the image folder and adding two lines of code inside fc.php to log POST request. @tvvpmi maybe can you send to me your logged POST requests while I'm waiting to be attacked again? I want to reverse this attack in order to understand how it works and to help Revive support team to fix it
×
×
  • Create New...