hudini Posted July 26, 2015 Report Posted July 26, 2015 hello it is the second time today, the review adserver 3.2.1 was hacked. In some files where crypted javascript code included. It was found, because of the server error after login Parse error: syntax error, unexpected T_STRING in xxxx/public_html/pre-check.php on line 114 also scripts like www/delivery/ac.php or afr.php where modified etc. I can send you a copy of modified pre-check.php. review adserver is now running, because I override it with the original files. but it will take a time, to get hacked again. Is the problem known ? Quote
hudini Posted July 26, 2015 Author Report Posted July 26, 2015 Is there a good exploid scanner for a linux system ? Quote
Erik Geurts Posted July 27, 2015 Report Posted July 27, 2015 In many cases, what you call "hacked", turned out to be a case where someone managed to get their hands on the password of an administrator user. I've seen cases where they then created an extra admin user and have come back months or even years later to compromise the system. Have you checked the users table to look for anything unusual there? Quote
hudini Posted July 27, 2015 Author Report Posted July 27, 2015 Yes i did it twice this month. I have a crypted long password etc. This looks like an exploid, which add javascript codes after <BODY> tags in all Scripts of REVIEW Adserver. DB seems to be OK Quote
hudini Posted July 27, 2015 Author Report Posted July 27, 2015 I change the login regulary. The Adserver is used since 7 years Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.