Good morning to all
I'm currently having the same problem with my Revive Adserver installation updated at the last version (4.1.4).
Someone makes POST requests to /www/delivery/fc.php?zoneid=0&script=bannerTypeText:oxText:genericText&Charset=UTF8&target=blank and is able to adds code to plugins/bannerTypeText/oxText/genericText.delivery.php and to upload backdoor php scripts inside /www/images/
I temporarily solved disabling PHP Engine inside the image folder and adding two lines of code inside fc.php to log POST request. @tvvpmi maybe can you send to me your logged POST requests while I'm waiting to be attacked again?
I want to reverse this attack in order to understand how it works and to help Revive support team to fix it
Mobile ads have been hijacked
in Using Revive Adserver
Posted
Good morning to all
I'm currently having the same problem with my Revive Adserver installation updated at the last version (4.1.4).
Someone makes POST requests to /www/delivery/fc.php?zoneid=0&script=bannerTypeText:oxText:genericText&Charset=UTF8&target=blank and is able to adds code to plugins/bannerTypeText/oxText/genericText.delivery.php and to upload backdoor php scripts inside /www/images/
I temporarily solved disabling PHP Engine inside the image folder and adding two lines of code inside fc.php to log POST request.
@tvvpmi maybe can you send to me your logged POST requests while I'm waiting to be attacked again?
I want to reverse this attack in order to understand how it works and to help Revive support team to fix it