OpenX was hacked on my server yesterday but all is well now.
 

Woke up yesterday to find Google malware notices on my TGP.

Big thanks to my host Colo-Cation and cd34 aka Sparky for quickly helping in finding and removing the malware from my banners.

OpenX was hacked and malware code as appended to my banners.

OpenX has been upgraded to the latest version so hopefully this won't happen again.

Naturally all this had to happened on one of the few days that I was away from the computer spending the day on an island.

Thanks for everyone that sent me a heads up on this.

All should be well now.

Seems like Open X is a big target for hackers.

We've had a few issues with Open X also. Too scared to use it again.

Glad to see everything is ok

It's a fucking mess. :(

Google now has this in my Webmaster's Tools admin.
"A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate."

The database that browsers use to check if a site has malware needs to propagate and it may take a few days to propagate. Unfortunately the database that says I do have malware is still propagating out and then right behind that one will be the database that says I don't have malware. All this may take a few days. :(

I'm having to use Firefox with "Block reported attack sites" unchecked in order to surf my own stuff. :(

That sucks. I need to go and check my OpenX and upgrade I guess ASAP. It's only being used on my newest of blog networks. :/

Monitor your domains to see if they have been put on Google's SafeBrowser Blacklist or Malware list

|thumb|thumb

While safewatch was/is a good concept, due to a few limiting factors of the way google publishes data, the root domain in cleo's case was not tagged, only the /tgp/ directory.

It is still a good indicator since 99% of the malware will be present on all pages.

For Safari users I figured out how to turn off the warning so that I can at least surf my own stuff until my domain is removed from the malware database.

http://www.greenguysboard.com/board/...1&d=1284328396

Just told Cleo in a PM, I just spent hours updating my OpenX. I was on version 2.0.11 and the latest is 2.8. OMG, I had stats for 5 years of banner data, I finally had to dump the log files, the script kept giving me this oh so helpful error:

#! UPGRADE FAILED: tables_core_544
#! omg it all went PEAR shaped! _doQuery: [Error message: Could not execute statement]
[Native message: MySQL server has gone away]

well sorry to hear it gained weight. before that, it had this one file it wanted you to have, but half way through the install, it tried to write to that, it was there, and bombed out. |banghead|

I'm just glad I got it updated, I went through a hack about a month ago from a banner downloading a trojan, last thing I want is someone hacking OpenX.

Looks like my site has been cleared in Safari, Firefox and Crome.

Maybe I can actually get some sleep now.

Sparky gave a good tip.

I chmod 700 OpenX's admin directory so that no one can access it. If I need to add a banner or something it no big deal to temporally change while I need to access it and then change it back after.

At this point I don't really trust OpenX anymore.

UGH! I havent cheked my OpenX in a very long time. I guess its time. Thanks for sharing.

Thanks for the tip, I just did that. |thumb

My old version has been hack free for years, knock wood. I don't know if I'd of upgraded it after seeing all the people with recent versions getting hacked in the community forums.

I can't chmod my admin directory...it keeps changing back to 755. Anyone know why? I'm working with the one in the www folder.

A lot of mainstream sites that are using openx have been hacked lately

Actually I was thinking that we could htaccess the admin directory and make it require a password.

ok i see i'm at 2.8.3 and 2.8.6 is out. This will be happening tomorrow.

Last night I password protected my admin directory using htaccess.

Do have the code for that?

My OpenX is not working at all right now. I have an trouble ticket in to see what's going on.

To password protect a directory.

First go here and encrypt a userID/password.
http://www.e2.u-net.com/htaccess/make.htm

In a directory someplace on your server create a file named.
Copy and paste your encrypted userID/password into this file

Now in the directory that you want to protect create a file named
Place this text in the file changing the path to your actually path.
Enjoy your much safer admin.

Excellent, thanks Cleo!

Appears if you are using anything but the javascript delivery, the admin directory cannot be protected.

LD, in the control panel, you can automatically generate .htaccess/.htpasswd files.

I only use JavaScript delivery so I haven't noticed any issues. What happens with other deliveries? I'm guessing the ads don't show?

Does it work if you chmod 700 the admin directory?

Never noticed the htaccess thing in our control panel but I also never looked for it.

I believe the iframe and php includes try to include a file from the admin directory for some display function. It does indeed break when the admin directory is set to chmod 700.

Javascript delivery appears to have been written after the fact and doesn't use those includes and works when the admin directory is chmod 700.

I'm all protected now, thanks guys.

I liked this program a whole lot more back when it was PhpAdsNew. The admin was way less confusing and it did everything that I needed it to do and was simple to use.

It seems like it has turned into bloatware with all kinds of features that are only needed by a few.