Jump to content

Exploit in Revive Adserver?

Recommended Posts

Is there any new exploit in Revive Adserver 3.2.4? Some script or something is putting prepend script to our ads and removing them few hours later. They log in in audit log as me, but the password is impossible to guess and the scripts are intact on the revive folder, server seem not to be compromised...

Any ideas?

Edited by Erik Geurts
Corrected product name spelling
Link to comment
Share on other sites

Yes today I canhged password. This logins started happening at the end of february, is it possible somebody exploited some old backdoor to get password? I'll see if it will happen again now, but I would like to know how they got my password in the first place. So was there some exploit before end of february that could get the attacker password?

I don't know what this JS iframes did, as I didn't get infected by browsing my website and I did that a lot...

Link to comment
Share on other sites

Just a reminder as well to anyone following - if you've upgraded from a version that was older, it's possible the instance was already compromised - simply upgrading doesn't mean that someone who already has access will now no longer have access. There are specific steps you'll need to take if you've been compromised.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...