Jump to content

Recommended Posts

Posted

Hello dear service team,

i run my own webserver with the Revice-version 4.13 and it seems to have been hacked in the last days or weeks.

https://blog.confiant.com/tag-barnakle-the-malvertiser-that-hacks-revive-ad-servers-redirects-victims-to-malware-50cdc57435b1

Unfortunately I don't have a backup of a version before the hack. Is there a possibility to restore my adserver by updating to the new version?
Or is the attack so deep that I have to completely rebuild the server?

Do you have a tip for me how I can fix the current server and how I can then update to the latest version. Is the new version safe from this hack?

I would also like to use the services of an experienced developer to solve the problem.

I would be very happy about your help!

Many greetings!

Sascha

 

Posted
7 minutes ago, Ian vM said:

If you have no backup ... of course you can't go back to a previous point in time.
I'd advice you to start over on a fresh installation, or sign up at https://www.revive-adserver.net/

Hello, Ian,

thanks for your answer!

Do you know if this hack only compromises the files on the server or are the databases also affected? I might be able to recover the files.

Posted
12 hours ago, Ian vM said:

I'm sorry, i'm not familiar with it. But in most other cases i've seen the database is comprimised.

I did a little research. The hacker injected the malicious code into the "append" column in each zone under "rv_zones" in the database.
The table "rv_banners" seems not to be affected.

Additionally, there was a malicious PHP code under \www\delivery\ with the name "js.php". According to the virus scanner a malicious code named "PHP.Filesman". With this the hackers probably have access to the website.

 

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...