Revive Installation Hacked?

[Sabroso]

Hi there,

A security software that I use in my website runs a scan on php files every 24 hours to check for changes and when detected it provides a threat score.

Normally only cache files change but today it has been the first time i see two libraries in the Revive Adserver installation have changed and a high threat score has been given to these files. they are:

• revive/lib/smarty/internals/core.smarty_include_php.php
• revive/lib/smarty/internals/core.run_insert_handler.php

I did not upgrade anything on the Revive Installation which is on the latest version 3.2.2. Did these libraries get updated automatically?

Thanks.

[Sabroso]

it also highlighted as suspicious 

• revive/lib/OA.php

However I did a file comparison between my local files on the staging environment and the files on the production site and they are identical (both based on Revive 3.2.2).

It must be a false positive, right?

[Erik Geurts]

Have you checked those files against the original v3.2.2 distribution files that can be downloaded from https://www.revive-adserver.com/download/ ?

[Sabroso]

Hi, I just did and they are identical.

Not sure why they have been reported as changed but it looks like it is a false alarm.

Thank you very much!

[Richard Foley]

Security software (...) are notorious for reporting "false positives". You have to be careful how much serious notice you take of their often unfounded and hysterical alerts.