2 Times Hacked With The Actual Version 3.2.1

[hudini]

hello

 

it is the second time today, the review adserver 3.2.1 was hacked. In some files where crypted javascript code included. It was found, because of the server error after login

Parse error: syntax error, unexpected T_STRING in xxxx/public_html/pre-check.php on line 114

also scripts like www/delivery/ac.php or afr.php where modified etc.

 

I can send you a copy of modified pre-check.php.

review adserver is now running, because I override it with the original files. but it will take a time, to get hacked again.

 

Is the problem known ?

[hudini]

Is there a good exploid scanner for a linux system ?

[Erik Geurts]

In many cases, what you call "hacked", turned out to be a case where someone managed to get their hands on the password of an administrator user. I've seen cases where they then created an extra admin user and have come back months or even years later to compromise the system. Have you checked the users table to look for anything unusual there?

[hudini]

Yes i did it twice this month. I have a crypted long password etc. This looks like an exploid, which add javascript codes after <BODY> tags in all Scripts of REVIEW Adserver. DB seems to be OK

[hudini]

I change the login regulary. The Adserver is used since 7 years