Jump to content

Recommended Posts

Hello dear service team,

i run my own webserver with the Revice-version 4.13 and it seems to have been hacked in the last days or weeks.

https://blog.confiant.com/tag-barnakle-the-malvertiser-that-hacks-revive-ad-servers-redirects-victims-to-malware-50cdc57435b1

Unfortunately I don't have a backup of a version before the hack. Is there a possibility to restore my adserver by updating to the new version?
Or is the attack so deep that I have to completely rebuild the server?

Do you have a tip for me how I can fix the current server and how I can then update to the latest version. Is the new version safe from this hack?

I would also like to use the services of an experienced developer to solve the problem.

I would be very happy about your help!

Many greetings!

Sascha

 

Share this post


Link to post
Share on other sites
7 minutes ago, Ian vM said:

If you have no backup ... of course you can't go back to a previous point in time.
I'd advice you to start over on a fresh installation, or sign up at https://www.revive-adserver.net/

Hello, Ian,

thanks for your answer!

Do you know if this hack only compromises the files on the server or are the databases also affected? I might be able to recover the files.

Share this post


Link to post
Share on other sites
12 hours ago, Ian vM said:

I'm sorry, i'm not familiar with it. But in most other cases i've seen the database is comprimised.

I did a little research. The hacker injected the malicious code into the "append" column in each zone under "rv_zones" in the database.
The table "rv_banners" seems not to be affected.

Additionally, there was a malicious PHP code under \www\delivery\ with the name "js.php". According to the virus scanner a malicious code named "PHP.Filesman". With this the hackers probably have access to the website.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.




×
×
  • Create New...