benwinton Posted May 14, 2019 Report Posted May 14, 2019 Even after upgrading to Version 4.2.0, a hacker was able to use script injection to force his/her ads with the following Adsense ID -- pub-6084777151829107 -- into my websites. It appears this person found a way to get to a file named ads.txt, which is recommended by Google to allow specific Adsense IDs to be used on a website. The txt file is in the root directory of the site. I installed additional security software on both the webserver and via the Web host, and for the last 12 hours, things have settled down. I am not sure if the vulnerability is found in Adserver 4.2.0 or some other file in Wordpress. In any case, be on the lookout for this Adsense ID showing up on your site, especially if you notice Adsense revenues are down. I reported the ID to Google, but I never hear back from Google on anything I send to them. Quote
andrewatfornax Posted May 16, 2019 Report Posted May 16, 2019 Hi @benwinton, Just in case you were not aware, please note that upgrading to 4.2.0 will not automatically clean a compromised system - if a system has been compromised, then the system will need to be cleaned (ideally, replaced with a new system), rather than just upgrading Revive Adserver. Quote
benwinton Posted May 31, 2019 Author Report Posted May 31, 2019 Thanks. Yes, I totally cleaned the system and removed the previous version. Despite all this, the hack continued. This is still good advice, and much-appreciated. I found that deleting the old installation of Revive ASAP -- so that it did not even exist on the server any longer -- also helped mitigate. But, a full malware scan, and additional security settings also were necessary. In addition, reporting offending hackers to Google Adsense, as well as blacklisting them, seemed to help. Oh, and -- most important -- change every password into your website, everywhere, no matter how painful. This includes FTP passwords, but also Wordpress passwords, and Adsense passwords. Do not use the old Adsense passwords under any circumstances. Also, do not use the old Revive adserver passwords under any circumstances. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.