Jump to content


Approved members
  • Content Count

  • Joined

  • Last visited

About scott001

  • Rank

Recent Profile Visitors

1,032 profile views
  1. scott001

    XSS/Code Injection Issues

    One of the Ad Networks that I used to serve ads from is called District M. Through them, unfortunately, I was also serving ads that contained horrible pop up malware...the type of ad pop up that you can't close or use the back button on--Usually claiming that you won a prize or that your device is infected and you simply need to download their "fix" to resolve it. I am wondering if it is possible that this type of malware could have also been the source of the 2 backdoor files? Could this malware also have utilized a Revive Adserver exploit to get the two files onto my site? I am surprised that more Revive folks have not responded here, as I do believe that there should be more concern about whatever exploit is being used to infect Revive installations. I've been using this software for over 10 years since it was called PHPAdsNew, and have never had such issues before.
  2. scott001

    XSS/Code Injection Issues

    So I disinfected my site...these two files, according to Comodo, were back door scripts. Both were in my site's /www/images directory, so everyone may want to check their installation as well. The most disturbing thing is that one had the same date/time stamp on it as the Revive Adserver files 5/24/18 @ 3:49 AM. Is it possible that hackers somehow added this file to Revive's installation zip file before I downloaded it? I am just speculating here, but I am not sure how else that file could have the same date/time stamp as my other files.
  3. scott001

    XSS/Code Injection Issues

    Thank you for this! I will report what I find here. So that grep command did not work because the files I found are somehow encrypted. For example, here is a small part of it: <?php $ijdskjfk["&@#13^3^4^%&3$*136223%(&3&%3%14**2&@$#&*6^#^^$&1(_22%!^=@%^+#@^&##@3##333#2$^3-3&$$3(323^^2&3)15&&5$57*)%)^53%&2#226&^%%%1##4^-^=4&43&^@#4=^%-3*3"]="\x32@\x25%\x25@\x5e%\x35^\x5e5\x32)\x25+\x3f5\x325\x34*\x31*\x5e1\x32&$
  4. scott001

    XSS/Code Injection Issues

    I am running the latest version of Revive Adserver and am experiencing what I believe to be XSS code injection issues. I believe there could be a vulnerability/exploit out there. I've been running PHPAdsNew/OpenX/Revive for over 10 years and haven't had this happen before. I've checked for extra admin accounts and there are none, I changed my passwords, etc., but basically any ads I display cause a malware pop-up that you can't close followed by virus warnings. Also, I found files that were likely injected into my images folder...the contents were php but coded so they could not be read: ef245a0187359c78f346589bb7628562.php 45a0187359c78f346589bb7628562.php Any ideas out there on how to deal with it? I could use some help! Thank you!
  5. scott001

    Recent impression probability issues

    Ultimately I fixed this, and it was caused, apparently, by an advertiser that I created years ago. Re-creating the advertiser and ads solved the issue.
  6. After updating to the latest version of Revive Adserver v4.1.4 from version 4.1.1, I am having some issues with campaigns not balancing correctly. I have a group of banner zones which only two advertisers share, so each campaign is set at 50 weight, and when I look at each banner zone's Probability they correctly show 50% to each advertiser. However, the actual impressions that are displayed favor one advertiser ~80% to 20%. I've checked everything and can't find a reason for this. Any ideas? Also I am seeing this refused to connect. on my dashboard--the dashboard hasn't worked for quite some time...is this normal? If not, any guidance on fixing it?
  7. My site is a secure https site, and when I run tests on it the cookies that Revive Ad Server sets are non-https, insecure cookies. Is there a way that I can force the cookies to be https?
  8. scott001

    What Files, What Permissions

    Sorry to flog a dead horse, but the permissions above still create issues. So these make all errors go away, and seem to be the default setting for most people (just in case, a+w = 666): chmod -R a+w /revive/var chmod -R 444 /revive/var/www.my-domain.com.conf.php chmod -R a+w /revive/var/plugins/ chmod -R a+w /revive/var/templates_compiled/ chmod -R a+w /revive/www/images/ chmod -R a+w /revive/www/admin/plugins/ However, when I protect the files below, some of which contain passwords to my database, the software throws the permission warnings. chmod -R 644 /revive/var/cache/*.php chmod -R 644 /revive/var/cache/*.php.meta What is your view on these files? Should they not be protected better, given that they contain sensitive info?
  9. This works fine, and perhaps should be the way the code is implemented?
  10. Here is what I've done, and I hope my banner stats will still be correct. I removed this tag throughout my entire site in my async ad code. This code appeared with each banner call, and in my case this meant 7 or more times per page load: <script async src="/adserv/www/delivery/asyncjs.php"></script> at the bottom of my site's global template, just before the closing </body> tag, I added this, and notice the "defer" in it: <script async src="/adserv/www/delivery/asyncjs.php" defer></script> I am testing it now, and hope the stats, click tracking, etc. will work. I will report my findings here. Doing this has done several things for my site speed, for example these scripts were causing a render blocking javascript issue on google's page speed tests, which has gone away now. Since the script is only loaded once, it speeds up the loading of each page.
  11. Any help would be appreciated....I am surprised that this isn't an issue for more users.
  12. For some reason my dashboard is now a blank white page--only the header shows up. I see no errors in my logs. Any idea why?
  13. I use async tags like below to several ads per page. <!-- Advertising Asynchronous JS Tag - Generated with Revive Adserver v4.1.4 --> <ins data-revive-zoneid="325" data-revive-id="1231231236728d3123911a0123"></ins> <script async src="//www.mysite.com/adserv/www/delivery/asyncjs.php"></script> It works fine, however, on site speed tests I am now seeing warning like this: The following scripts are parsed and executed several times on your page: //www.wheat-free.com/adserv/www/delivery/asyncjs.php (parsed and executed 11 times) 1) I am aware of the single page call tag that I've used in the past to serve ads, but is it possible to use the single page call with the async tags? 2) A proposed solution that is used widely, is below, but I am not sure how to make this work for my site..any help would be appreciated. I'm not even sure, once this is written properly for my situation, where the script would go...the header? Here is their example for Facebook--I have bolded area that probably need to to be changed, but again, I am not sure: (function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/sdk.js"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk')); So to make this work for my ad script: //www.mysite.com/adserv/www/delivery/asyncjs.php it might look something like this: (function(d, s, id){ var js, mjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "//www.mysite.com/adserv/www/delivery/asyncjs.php"; mjs.parentNode.insertBefore(js, mjs); }(document, 'script', 'mysite-jssdk'));
  14. scott001

    What Files, What Permissions

    Just FYI, here is how I've been doing this, and it stopped the errors, and I believe is a secure way to run for most apache users: chmod -R a+w /revive/var chmod -R 644 /revive/var/cache/*.php chmod -R 644 /revive/var/cache/*.php.meta chmod -R 444 /revive/var/www.my-domain.com.conf.php chmod -R a+w /revive/var/plugins/ chmod -R a+w /revive/var/templates_compiled/ chmod -R a+w /revive/www/images/ chmod -R a+w /revive/www/admin/plugins/ PS - These should be run in order from top to bottom.
  15. scott001

    What Files, What Permissions

    Sorry to bring this up again, but I upgraded yesterday and ran into more permission issues. So the command that your software said I need to run before upgrading was: chmod -R a+w /public_html/revive/var This puts permission for everything in that directory at 666. The problem is that there are a few files in /var/cache that contain my database password info, like www.mysite.com_admin_container.php and localhost_admin_container.php. Do you agree that these probably should not be at 666? Changing these to 644 or 444 seems to trigger the warnings.