New Way To Hack Database?

[stapel_eliz]

Today, I discovered another hack of my adserver. I'd had version 3.1, with the usual precautions, file permissions, etc.

 

The new hack appended a Javascript to the text in the "htmlcache" field. There was nothing in the "append" or "prepend" fields. The script was tacked onto the intended text. It put an iframe (calling an undesired URL) at an absolute position, did something with cookies (?), and then put another absolute-position iframe with another undesired different URL.

 

I've forwarded specific details to the proper e-mail address for this issue; I haven't yet heard back. I have been unable to locate any other instances of this particular hack, either here on through Google in general. I know that details, etc, are not to be posted here, but I wanted to post something, so people would be aware of the issue.

 

If you've got unintended ads being served up on your site, and if you can't find anything in the "prepend" or "append" fields, check in "banners" for coding in "htmlcache" that doesn't match what you'd intended.

 

Eliz.

[andrewatfornax]

The following post may also be of help:

 

http://www.openxconsultant.com/blog/2011/10/what-to-do-when-you-suspect-your-openx-system-has-been-hacked/

[tbobker]

What are the normal ways hackers are actually getting access to the server?  

 

Is anyone able to list a few of the most common routes into the adsever?

[Erik Geurts]

The most common route, as I've seen it, is a rather non-technical one: people have had their passwords compromised because they were easy to guess.

[Richard Foley]

Human engineering is almost always going to be the most common cause, Duff, default, or easy to guess, passwords, and the like...

 

What are the normal ways hackers are actually getting access to the server?  

 

Is anyone able to list a few of the most common routes into the adsever?