Showing results for tags 'Malware'.

Found 6 results

  1. My organization has recently undergone a security incident having to do with our openx server (we use version 2.8.7). What we know:
       1. The attacker most probably exploited an SQL injection vulnerability in axmlrpc.php as an entry point into our organization.
       2. From there he went on to modify 2 files in /var/cache to contain malicious code in the "compiledlimitation" key. (This code created a web shell in the plugins directory.)
       3. Besides the shell created by the malicious files in /var/cache, he was also able to create another shell in the plugins directory. This is a publicly available shell, known to be used in the context of openx (https://www.badwarebusters.org/stories/show/19972), titled "Web Shell by oRb". We have no idea how it was created.
       4. After a few days the attacker modified the contents of \openx\plugins\deliveryCacheStore\oxCacheFile\oxCacheFile.delivery.php to contain code that infects the openx cache in a way that creates another entry in /var/cache, which causes openx to serve malicious iframes to users. The attacker modified the oxCacheFile.delivery.php file to contain the code that can be found here: http://ninjafirewall.com/malware/?threat=2014-02-20.01
     Our database and openx installations are on different servers. We have no idea how the attacker was able to create the malicious files in \var\cache or how he was able to modify the contents of oxCacheFile.delivery.php. Does anyone have experience with this type of attack vector? Any help you can provide in understanding what happened would be greatly appreciated. Thanks,
  2. Hello, Recently I was trying to use adwords for my site but google says I have malware in my site and I must get rid of it before I can start using adwords. I recently upgraded my version of revive to 3.2.2 but google keeps saying my site has malware. Specifically, they say the malware is in these files:
       /www/delivery/afr.php?zoneid=8&cb=423.64226922392845
       /www/delivery/lg.php?bannerid=221&campaignid=4&zoneid=18...
     Have you encountered a similar problem? Does anyone know how to deal with this so that google stops saying I have malware? Thanks
  3. My revive adserver installation is hacked. I am not sure what to do and how to protect myself. I will need help with one answer (this is what my hosting company asked me). This is what they say (and ask) to notify developers: Thank you in advance
       1. that in those scripts below has vulnerabilities.
       2. via those scripts hackers upload web shells to the server.
       3. If those scripts are not a part of 'advertiser' then we need to remove them.
     4473141 16 -rw-r--r-- 1 domains domains 14733 Apr 30 2014 ./deliveryLimitations/dump.php
     4855755 16 -rw-r--r-- 1 domains domains 12522 Apr 30 2014 ./bannerTypeHtml/vastOverlayBannerTypeHtml/menu75.php
     2229511 16 -rw-r--r-- 1 domains domains 13265 Apr 30 2014 ./bannerTypeHtml/footer.php
     4863443 12 -rw-r--r-- 1 domains domains 12197 Apr 30 2014 ./etc/oxInvocationTags/dirs14.php
     4861793 16 -rw-r--r-- 1 domains domains 13606 Apr 30 2014 ./etc/oxLogClick/alias24.php
     4861973 16 -rw-r--r-- 1 domains domains 15381 Apr 30 2014 ./etc/Site/proxy.php
     4456689 16 -rw-r--r-- 1 domains domains 12776 Apr 30 2014 ./deliveryLog/lib20.php
     4853612 16 -rw-r--r-- 1 domains domains 12908 Apr 30 2014 ./videoAds/footer.php
     after POST query into any of those files, in a file system appears the encoding scripts such advertisers/inc73.php across which the big botnet sends a tons of spam mails. Thank you in advance
  4. Hi: I am using open x 2.8.8. Why? Because the upgrade process was not successful last time, so I had to stay on Open x. A few days ago, I got an e-mail from google webmaster tools claiming that a snippet in the header is suspicious. This is the suspicious code: <!-- Generated by OpenX 2.8.8 --> <script type='text/javascript' src='http://example.com/advertisers/www/delivery/spcjs.php?id=45'></script> Google stopped sending all traffic to that site and 40 others in the network that are using Open x. We did a scan and nothing was found. Advertiser links are not going to malware sites. As soon as I removed that line of code, Google removed the warning and resumed sending traffic. But all this sounds like a disaster if I can't use open x to serve banners. 40 sites (adult sites). Google isn't telling me where the malware is, only that the code is suspicious. Is there some advice on how to fix this problem and continue to use open x? Thanks
  5. Hi, I am already a bit desperate, because some antivirus software identifies a problem with our adserver and the malware GIFrame-A hides somewhere on the server or in the database. I've searched the net and found some advice about removing malware for the revive adserver. I didn't find any entry in the banners or zone table in the database and I could not identify any modified files on the server. We ran 3.0.6 and I upgraded to 3.1.0, but this didn't resolve the problem. Does anybody have experience with that kind of malware and any hint where it hides? Our users report that the problem comes from www/delivery/lg.php or from here: www/delivery/avw.php?zoneid%3D22&%3Bn%3D3cfe063 I am completely stuck on where to look for the intrusion; maybe somebody had this issue with the mentioned malware and has a solution for how to remove it. Best regards, Michael
  6. Hello, My site is using openx as its ad server and is detected by Norton antivirus as "malvertisement website redirect". Upgrading to revive ad server did not solve this problem, and I have not found malicious code on a web page. Does anyone have the same problem? Thanks.