
Hijack / Hack via cache folder?


ZenAlien


Hi everyone, (TL;DR at the end)

Been a long-time user of OpenX + Revive (since around 2008).
Just to say that we know the product.

For a few months, we have noticed that some of our adverts were being hijacked with suspect links, etc... BUT ONLY FOR MOBILE PHONES

Being long-time users, we checked everything (append and prepend on zones + banners); nothing there, because we locked these tables a long time ago.
All passwords were changed and so on, and PHP execution has already been forbidden in the image folder for a long time.

Because we did not find the cause, we did a deep investigation; we also had a look at this thread:

Nothing there was useful to us, and all our files in the delivery folder are clean.

So we continued our investigation.

And there, we noticed that in the cache folder, some files were sometimes generated with all the global config, in clear plain text, with all passwords, database access and passwords...

See image here: https://www.dropbox.com/s/8bor7737lsx4o3h/rads.jpg?dl=1

 

So we started to panic.

We wanted to be sure our server had not been backdoored, so we did a fresh install in a localhost environment and we noticed that the same behaviour was happening on a fresh install.

Has anyone noticed this?



TL;DR:
- we got some adverts being hijacked with links only on mobile phones and we can't find where it is coming from
- while investigating we noticed that in the cache folder, a file is generated with all critical information (DB PWD, etc...)

We did not find a solution to our problem; we have still been investigating for a few months.
