Fritex

Okay, fixed "security maintenance" by manually adding to my Nginx vhost file as follows from below: # 2022. OpenX security maintenance nesto location ~ ^/(?!$|www/) { return 403; } location = /etc/database_action.xml { return 403; } location = /plugins/etc/openXDeliveryLog.xml { return 403; } location = /lib/RV.php { return 403; } And now I see in the Developer Console of my Web browser 403 HTTP error for them as it should be. And now when I log out, log back, log out, log back, it's no more "security maintenance" screen, it goes directly to my "user" (no more system administrator) and works fine.

Okay, I fixed this one. I have to enable "updates", thereafter I have to enable "dashboard". Dashboard working fine now for system administrator, but not working for the "user". And still the "security maintenance" warning after log in. Okay, after enabled "automatic updates" and set interval to "60", thereafter using Maintenance -> Menu to rebuild the menu cache. Working for the "user" I have.

Thank you for feedback about InnoDB! Was thinking to switch to it, but seems I'd better stay with MyISAM at least with Revive AdServer.

Same as me

"You are currently using Revive Adserver v5.3.1 running on nginx 1.21.5, PHP 7.4.27 and MySQL 5.5.5-10.3.31-MariaDB-0+deb10u1."

Recent upgrade to 5.3.1, I have errors on Dashboard for "widget" - error 500. - www/admin/dashboard.php?widget=Disabled Plugin report shows some errors. Wheneve I log into, I see the screen of security maintenance. It's first time I got this. Anayone? Sharing screens here ... https://drive.google.com/drive/folders/1M4-kVuHo9WmhfnoicHbv7GYhe01yiH2F?usp=sharing From error.log file: FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Class 'OA_Central_Dashboard' not found in /var/www/clients/client1/web7/web/lib/OA/Dashboard/Widgets/Disabled.php:33 Stack trace: #0 /var/www/clients/client1/web7/web/www/admin/dashboard.php(58): OA_Dashboard_Widget_Disabled->display() #1 {main} thrown in /var/www/clients/client1/web7/web/lib/OA/Dashboard/Widgets/Disabled.php on line 33" while reading response header from upstream, Running latest Nginx, PHP 7.4, MariaDB 5.7.

I have got the same issue https://drive.google.com/drive/folders/1M4-kVuHo9WmhfnoicHbv7GYhe01yiH2F?usp=sharing

From the title of this topice, I have an issue where the JavaScript code is placted at the Website for any case of further banners to show up due to clients. But, as the JS code is placed at the right position on the Website and there are either no banners added to the zone, or if any, they are hidden from showing up, but in the statistics the Revive AdServer still counts the views of actually "nothing"? Why is that and how is this possible? Thank you

Image link: https://imgur.com/X3iiLLU

Hello, I've got the following error recently: An error occurred while accessing the database Due to a problem with the database Revive Adserver couldn't retrieve or store data. If this problem is reproducable it might be caused by a bug in Revive Adserver. Please report the following information to the creators of Revive Adserver. Also try to describe the actions that led to this error as clearly as possible. Version: Revive Adserver v5.0.4 PHP/DB: PHP 7.2.28-4+0~20200224.38+debian9~1.gbp1ca010 / Unknown 5.7.29- Page: /www/admin/banner-edit.php Error: Query: INSERT INTO ox_banners (campaignid , contenttype , pluginversion , storagetype , filename , imageurl , htmltemplate , htmlcache , width , height , weight , target , url , alt , statustext , bannertext , description , adserver , alt_filename , alt_imageurl , alt_contenttype , comments , updated , keyword , parameters , status , iframe_friendly ) VALUES ( 196 , 'gif' , 0 , 'web' , 'a79289c5ee4c35f9bdfc08a4206730fe.gif' , '' , '' , '' , 300 , 250 , 1 , '_blank' , 'https://www.hrvatskitelekom.hr/pogodnosti/diners?utm_source=racunalo.com&utm_medium=display&utm_campaign=diners-03-2020&utm_content=300x250' , '' , '' , '' , 'HT Diners Pogodnosti (300x250)' , '' , '' , '' , '' , '' , '2020-03-10 19:23:12' , 'HT Diners Pogodnosti' , 'N;' , 0 , 0 ) $_POST: Array ( [_qf__bannerForm] => [token] => 3ad72414b03898e6a30d01be3fee4f82 [clientid] => 41 [campaignid] => 196 [bannerid] => [type] => web [status] => [MAX_FILE_SIZE] => 10485760 [replaceimage] => t [replacealtimage] => t [description] => HT Diners Pogodnosti (300x250) [checkswf] => 1 => https://www.hrvatskitelekom.hr/pogodnosti/diners?utm_source=racunalo.com&utm_medium=display&utm_campaign=diners-03-2020&utm_content=300x250 [target] => _blank [alt] => [statustext] => [bannertext] => [keyword] => HT Diners Pogodnosti [weight] => 1 [comments] => [submit] => Save changes ) $_GET: Empty

Are you on shared hosting, VPS or dedicated server? Prefer to optimize and tune your MySQL or MariaDB server. Moreover, try using Apache or even better, Nginx with some cache control headers for files, etc.

Which Nginx version are you using? Use 775 rather than 777 on directories: var var/cache var/plugins var/templates_compiled plugins www/admin/plugins www/images Setup robots.txt - block search engines and bots to follow and index: User-agent: * Disallow: / Use the newest version of Nginx, PHP and Revive AdServer. Prefer to use HTTPS. Add HSTS header too. Use Gzip or Brotli, and add Cache headers (expiries, etag, cache-control for html, js, css, images ...). This can help too for security: location ~* \.(git|rb|inc|ht|bak|htaccess|sql|log|htpasswd|engine|info|install|test|po|sh|theme|pl|cgi|py|lua)$ { deny all; # log_not_found off; access_log off; } location ~ /\. { deny all; # log_not_found off; access_log off; } # XSS add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } if ($http_user_agent ~ (Acunetix|libwww|libwww-perl|sqlmap|WinHttp.WinHttpRequest|WinHTTP|Zeus|curl|wget|scan|winhttp|HTTrack|havij|WVS) ) { return 403; } if ( $request_method ~* ^(TRACE|DELETE|TRACK)$ ) { return 403; } set $susquery 0; if ($args ~* "\.\./") { set $susquery 1; } if ($args ~* "\.(bash|git|hg|log|svn|swp|cvs)") { set $susquery 1; } if ($args ~* "etc/passwd") { set $susquery 1; } if ($args ~* "boot.ini") { set $susquery 1; } if ($args ~* "ftp:") { set $susquery 1; } if ($args ~* "http:") { set $susquery 1; } if ($args ~* "https:") { set $susquery 1; } if ($args ~* "(<|%3C).*script.*(>|%3E)") { set $susquery 1; } if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $susquery 1; } if ($args ~* "base64_encode") { set $susquery 1; } if ($args ~* "(%24&x)") { set $susquery 1; } if ($args ~* "(127.0)") { set $susquery 1; } if ($args ~* "(globals|encode|localhost|loopback)") { set $susquery 1; } if ($args ~* "(request|insert|concat|union|declare)") { set $susquery 1; } if ($args !~ "^loggedout=true"){ set $susquery 0; } if ($args !~ "^action=jetpack-sso"){ set $susquery 0; } if ($args !~ "^action=rp"){ set $susquery 0; } if ($http_referer !~ "^http://maps.googleapis.com(.*)$"){ set $susquery 0; } if ($susquery = 1) { return 403; } location = /robots.txt { allow all; # log_not_found off; access_log off; } location ~ /nginx.conf { deny all; access_log off; # log_not_found off; } You can also use .htpasswd to protect the filder where your Revive Adserver is installed. So, if wrong user/pass, the visitor/client would get 401 error.

Will take in action ASAP! Moreover, regarding the ticket on Github about v5.0.2 (https://github.com/revive-adserver/revive-adserver/issues/1144), are there any enhancements regarding the stated "HTTP/3+Quic" support added to Revive Adserver v5.0.2? Where can I find and read more about them? Has anyone tried it yet? Thanks

CLIENT INFORMATION: OS: Windows 8.1 Pro Web browser: FireFox Developer 73.0b1 - 64bit - hr-hr (Croatian) WEBSITE INFORMATION: Domain: www.racunalo.com Revive Adserver (OpenX) v4.1.4 - openx.racunalo.com - CSP policy, HSTS, X-headers ... STATUS: Installed and running on a sub-domain openx.example.com and serving ads on example.com. Nginx version: 1.17.7 PHP version: 7.2.26-1+020191218.33+debian9~1.gbpb5a34b MySQL version: 5.7.28 - MySQL Community Server (GPL) CloudFlare - using HTTP/2 and HTTP/3 with QUIC and 0-RTT is "enabled" on the CloudFlare dashboard - CDN and features like rocketloader.js are enabled - HTTPS enabled - TLS enabled Problem description / Issue / Reproduce the problem: When wanting to try out HTTP3, went to "about:config" and changed settings "network.http.http3.enabled" to "true". Restart the Web browser. Visiting the page with Revive Adserver/OpenX, I got "white boxes" where ads should be loaded, but instead they where not showing up. I went to look up in the browser console, and there were errors: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data (1:1282) PICTURE ABOUT THE ERROR IN THE BROWSER CONSOLE: https://ibb.co/DwWsdfc The code for showing the ads For each zone: <ins data-revive-zoneid="ZONE_ID" data-revive-id="UNIQUE_ID"></ins> Written once in the footer, before closing </body> tag: <script async="async" src="//openx.example.com/www/delivery/asyncjs.php" type="text/javascript"></script> WORKING EXAMPLE - ajs.php The JavaScript code for showing up ads with ajs.php - is working on the same settings with HTTP3 enabled in Web browser: example - https://openx.example.com/www/delivery/ajs.php - isworking To sumarize and conclude all, Async display of the ads on HTTP3 is not working, while standard JavaScript code works. Any ideas? Thank you!