Jump to content

Search the Community

Showing results for tags 'security'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Using and Managing Revive Adserver
    • Documentation
    • Using Revive Adserver
    • Managing Revive Adserver
    • Bugs
  • Advanced Topics
    • Performance, Scalability, and Reliability
    • For Developers
  • Revive Adserver Community
    • Revive Adserver Project News and Announcements
    • Feature Requests
    • Plugins
    • Requests for Consulting
    • Off Topic

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Website URL

Found 8 results

  1. Has anyone set up Revive to work with fail2ban? Does Revive log failed sign-in attempts someplace?
  2. My organization has recently undergone a security incident having to do with our openx server (we use version 2.8.7). What we know - 1. The attacker most probably exploited SQL Injection vulnerability in axmlrpc.php as an enrty point into our organization. 2. From there he went on to modify 2 files in /var/cache to contain malicious code in the "compiledlimitation" key. (This code created a web shell in the plugins directory). 3. Besides the shell created by the malicious files in /var/cache he was also able to create another shell in the plugins directory. This is a publicly available shell, known to be used in the context of openx (https://www.badwarebusters.org/stories/show/19972), titled "Web Shell by oRb". we have no idea how it was created. 4. After a few days the attacker modified the contents of \openx\plugins\deliveryCacheStore\oxCacheFile\oxCacheFile.delivery.php to contain code that infects the openx cache in a way that creates another entry in /var/cache which causes openx to server malicious iframes to users. The attacker modified the oxCacheFile.delivery.php file to contain the code that can be found here: http://ninjafirewall.com/malware/?threat=2014-02-20.01 Our Database and openx installations are on different servers. We have no idea how the attacker was able to create the malicious files in \var\cache or how he was able to modify the contents of oxCacheFile.delivery.php. Does anyone have experience with this type of attack vector? Any help you can provide in understanding the what happened would be greatly appreciated. Thanks,
  3. I'm always weary of third party software recommending or requiring setting directory permissions to 777. Is it possible to deny direct access to PHP files in these directories or will it break the software? ./var ./var/templates_compiled ./var/plugins ./var/plugins/DataObjects ./var/plugins/recover ./var/cache ./www/images ./www/admin/plugins ./pluginsSpecifically using an Apache configuration like this, which would be fine providing the PHP files are only included and not accessed directly: <Directory ~ /(var|www/images|www/admin/plugins|plugins)/> php_admin_flag engine off <Files *.php> Order Deny,Allow Deny from all </Files> </Directory> We've been bitten a few times with leaky software that has enabled PHP files to be created in writeable directories and executed to install web shells. This attempts to reduce that risk by disabling PHP execution/denying PHP access directly in the browser.
  4. Seems there are a lot of hacking going on. What are the most common security breaches? What are some best practices to keep it secure?
  5. Hi, somebody stole the password from the Ads manager computer, we were looking into audits in order to see which was the IP and maybe understand better what happened, but there are no IP registered. what's the use of an audit if it doesn't store the IP address of who made an action?
  6. Hi There, I have been using the PHP ads new platform for the last ten years through it metamorphosis to OpenX source and now Revive. In the past it fit the bill, but recently our needs have grown and we need additional features that are offered on the paid platforms. I am running an ad network with about 400 million ad views a day. The network contains several publishers that our company owns as well as additional 3rd party pubs. Some of the sites we own and operate are TNAflix.com, EMPflix.com, ImageFap.com, PornWall.com, Wankspider.com, MovieFap.com and Hulkshare.com I am looking for a full time dev that will help us build features on top of the basic Revive framework. Here are several features we are interested in creating. -Better security, seems to be the Achilles heal of Revive -POP Up Management for mobile and web platfroms -Device Management: i want to be able to serve different ads based on mobile device -Ad a custom interface for Advertisers that is more esthetic and offers better info on their campaign, including stats per GEO. -Better GEO targeting -Better Admin interface that includes more specific drill downs especially GEO. -Conversion Tracking -Group Management based on Key word, Meta info You are welcome to contact me at the follow email: Sagee@hulkshare.com Thanks, Sagee
  7. Good Morning, the technical department of my service provider (Aruba cloud) says that, in order to avoid security problems, it is mandatory to assign these permissions: 755 - For all directories 644 - For all files I followed the guide for installing/upgrading Revive Adserver, but the provider I use prevents me from assigning 777 permissions to these directories: / plugins / var / www / admin / plugins After logging in, I get this warning: Error: File permission errors detected. These may impact the accurate delivery of your ads, See the debug.log file for the list of files unwritable I can not change the permissions because the provider forbids me, there is a solution to solve this problem without changing permissions? Thank you!
  8. ca_mh

    2013 Backdoor

    Hi We are evaluating the Revive platform at the moment , one of our team has done some research and come across this on wikipedia http://en.wikipedia.org/wiki/OpenX_(software)#cite_note-5 I am trying to find out if that security hole has been fixed in revive? Kind Regards Martin
  • Create New...