OpenX Security Notice

[cd34]

http://blog.openx.org/05/security-up...penx-28-users/

Quote:

OpenX takes security seriously. If ever we find an issue, we address it quickly and communicate any updates as soon as possible. A recent security issue with OpenX versions 2.8.0 - 2.8.8 means users of these versions of the platform should take the following steps:

1. Secure their servers by removing the files being exploited:

www/admin/account-settings-debug.php
www/admin/plugin-index.php
www/admin/plugin-settings.php
www/admin/admin-user.php
2. Removing these scripts will impact some of the user/plugin management systems, but will not affect existing users/plugins, and will not affect ad serving.

3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process.

Users can tell if they have been affected by this by checking for a rogue admin user named “openx-manager” in their UI at http://<your_admin_domain>/www/admin/admin-access.php

If the above user is found, it should be removed, and a full security audit should be performed.

We strongly encourage users to lock down their config file. Additionally, users should notify security@openx.com if they ever become aware of a security matter.

[Cleo]

I followed all the above steps.

I haven't been hacked.

This step lost me though
"3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process."

[Allfetish]

Bastards got me but I had /admin/ locked down so maybe they had troubles doing much I don't know. I see the rougue user added 4-14 but no evidence of any malware being served yet. Having to do a full audit now.

Quote:

Originally Posted by Cleo

I followed all the above steps.

I haven't been hacked.

This step lost me though
"3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process."

I think it means rename/remove the existing dashboard.php file and then download the dashboard.zip file they link to, unzip it, and put that in the place of the old dashboard.php file. You have to go to the original announcement to get that file.

Edit: Here are some more technical details about the hack I found interesting
http://www.infosecstuff.com/openx-cs...ely-exploited/

[Cleo]

Quote:

Originally Posted by Allfetish

I think it means rename/remove the existing dashboard.php file and then download the dashboard.zip file they link to, unzip it, and put that in the place of the old dashboard.php file. You have to go to the original announcement to get that file.

Got it, this file.
http://www.openx.com/downloads/dashboard.zip

My OpenX was hacked a few years ago. It was a real mess to straighten out. Don't want to ever go through that again.

[LeRoy]

Ouch!

Glad I deleted OpenX a couple months ago

[bDok]

Should I still take these steps if I'm on 2.8.8? Or is that safe?

[cd34]

Quote:

Originally Posted by bDok

Should I still take these steps if I'm on 2.8.8? Or is that safe?

2.8.8 is also affected. There is no fix yet.

[bDok]

Quote:

Originally Posted by cd34

2.8.8 is also affected. There is no fix yet.

bah. Applying changes for this then now. Thanx.

[bDok]

2.8.9 is out. update away!