Matteo Beccati

@Dion Halcyon Sorry, document.write() is extremely bad and destructive and should be avoided.

Sorry, softaculus or any other 3rd party installers is not something we can help with. You might want to ask them for support. All I can suggest is to try and clear the var/cache directory contents and make sure that permissions are correct.

Sorry, what you suggest requires Revive Adserver to track on permanent storage hashes and the banner that has been displayed, which is kind of a "server side" cookie storage. Being it email, it would also give no possibility for the end user to accept or not. I don't think this can be on the roadmap, especially given the current privacy concerns and laws.

So sorry... the keyword system and direct selection are pretty much deprecated. So are local tags. It seems you're out of luck here :(

How would you expect Revive to know which banner was clicked?

Revive 5.3 will be compatibile with PHP 8.0. We expect to release a release candidate in a few weeks.

Sorry @wppmediagroup, advertiser users never have had the permissions to create campaigns. I also don't see any buttons or links to create new campaigns when logged in as an advertiser used, so could you please elaborate?

During the installation, you should have seen something like: Installing Revive Adserver Plugin: Banner Types PluginOK while the installer was installing all the bundled plugins, e.g.

The installation is not over at that point

Then there is something very wrong with your setup or hosting, or apache security modules. One of the last steps of the installer does also install the plugins.

Perhaps the standard plugins are disabled or not installed.

Did you just change that? Your logs where explicitly mentioning OA_Maintenance_Auto. Also 5 minutes operation interval is an extremely bad idea. Try setting it back to 60 minutes and schedule 1 cron job at minute 0. PS @andrewatfornax I really think we should remove the option.

If you have messages stating that maintenance is complete, there is nothing you should be worrying about. You're using automatic maintenance and concurrent requests will try to trigger it: one will succeed and the others will rigthfully fail. I'd suggest disabling auto-maintenance and setting up scheduled maintenance via cron.

My suggestion would be to try and restart MySQL. I do remember having seen once or twice such lock being stuck and not released.

To everyone else that I haven't already contacted, if you are interested to help pls PM me. I'll send you my IP and SSH key to see if I can find any more clues.

Research is still ongoing: we are in touch with a few affected users, but until now we haven't received enough evidence to understand how the malicious plugin or the php files in the images folder are being planted.

Hi @scott001, I'm sorry - we must have missed this. We've had similar reports, but until now no one was able to provide any useful information on how the malware or compromised plugin files were injected in the first place. Do you have any older logs that could help?

@Snaggy yes, absolutely. An/or you can find a pristine file in etc/plugins/openXBannerTypes.zip. The zipfile can be used together with the "Import" button in the plugin screen to overwrite the existing files.

@tvvpmi Yes, please clean up your plugins/bannerTypeText/oxText/genericText.delivery.php file, which has most likely been compromised at some point. Unfortunately the logs sent by @sunech didn't cover the time when that happened.

Thanks for your help. Would any of you allow me to have a closer look, in order to see if I can spot anything else that's unusual and possibly gather more information?

data-revive-id is a hash calculated using the delivery and deliverySSL config values. @Adi The old one had "www" in the path while the new one doesn't, that's why you're getting a different id.

It's a known incompatibility with the utf8mb4 charset: https://github.com/revive-adserver/revive-adserver/issues/740

@olabre See my original reply. Testing upgrades from 2.0.11-pr1 is now part of the release process. Tags should also be compatible, as long as you are not using functionalities that have been removed.

@OMG I believe you just need to make sure that This banner can be safely displayed inside an iframe (e.g. is not expandable) is checked in the banner-edit screen.

As I said earlier, only "clickTag" is supported. Revive AdServer only supports a single destination URL.