Greenguy's Board


cd34 2012-05-04 04:18 PM

OpenX Security Notice
 
http://blog.openx.org/05/security-up...penx-28-users/

Quote:

OpenX takes security seriously. If ever we find an issue, we address it quickly and communicate any updates as soon as possible. A recent security issue with OpenX versions 2.8.0 - 2.8.8 means users of these versions of the platform should take the following steps:

1. Secure their servers by removing the files being exploited:

www/admin/account-settings-debug.php
www/admin/plugin-index.php
www/admin/plugin-settings.php
www/admin/admin-user.php

2. Removing these scripts will impact some of the user/plugin management systems, but will not affect existing users/plugins, and will not affect ad serving.

3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process.

Users can tell if they have been affected by this by checking for a rogue admin user named “openx-manager” in their UI at http:///www/admin/admin-access.php

If the above user is found, it should be removed, and a full security audit should be performed.

We strongly encourage users to lock down their config file. Additionally, users should notify security@openx.com if they ever become aware of a security matter.
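
The file check from the notice quoted above, as an added shell example (not from OpenX or from any poster in this thread): it lists which of the four named files are still present under an install and moves them to a holding directory so they stay available for the audit. The function names and the holding-directory approach are assumptions of this example; `www/admin/dashboard.php` is left alone because the notice says to replace it, not remove it.

```shell
#!/bin/sh
# Added example. Paths are the four files named in the OpenX notice,
# relative to the OpenX install root. Function names are hypothetical.
OPENX_ADVISORY_FILES="www/admin/account-settings-debug.php
www/admin/plugin-index.php
www/admin/plugin-settings.php
www/admin/admin-user.php"

# openx_remaining ROOT
# Print each advisory file that still exists under ROOT, one per line.
openx_remaining() {
    root=$1
    for rel in $OPENX_ADVISORY_FILES; do
        if [ -e "$root/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done
}

# openx_quarantine ROOT DEST
# Move the advisory files out of ROOT into DEST (assumed to be a directory
# outside the web root), keeping their relative paths so the move can be
# undone and the files can be inspected later. Prints the number moved.
openx_quarantine() {
    root=$1
    dest=$2
    moved=0
    for rel in $(openx_remaining "$root"); do
        mkdir -p "$dest/$(dirname "$rel")" || return 1
        mv "$root/$rel" "$dest/$rel" || return 1
        moved=$((moved + 1))
    done
    printf '%s\n' "$moved"
}

# Report mode when run as a script with the install root as argument.
if [ -n "${1:-}" ]; then
    openx_remaining "$1"
fi
```

An empty report from `openx_remaining` only confirms the files are gone; the check for the "openx-manager" user described in the notice still has to be done separately.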

Cleo 2012-05-04 05:16 PM

I followed all the above steps.

I haven't been hacked.

This step lost me though
"3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process."

Allfetish 2012-05-04 08:15 PM

Bastards got me but I had /admin/ locked down so maybe they had troubles doing much, I don't know. I see the rogue user added 4-14 but no evidence of any malware being served yet. Having to do a full audit now. |banghead|

Quote:

Originally Posted by Cleo (Post 515902)
I followed all the above steps.

I haven't been hacked.

This step lost me though
"3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process."

I think it means rename/remove the existing dashboard.php file and then download the dashboard.zip file they link to, unzip it, and put that in the place of the old dashboard.php file. You have to go to the original announcement to get that file.

Edit: Here are some more technical details about the hack I found interesting
http://www.infosecstuff.com/openx-cs...ely-exploited/

Cleo 2012-05-04 11:01 PM

Quote:

Originally Posted by Allfetish (Post 515903)
I think it means rename/remove the existing dashboard.php file and then download the dashboard.zip file they link to, unzip it, and put that in the place of the old dashboard.php file. You have to go to the original announcement to get that file.

Got it, this file.
http://www.openx.com/downloads/dashboard.zip

My OpenX was hacked a few years ago. It was a real mess to straighten out. Don't want to ever go through that again.

LeRoy 2012-05-05 11:37 AM

Ouch!

Glad I deleted OpenX a couple months ago |thumb

bDok 2012-05-06 06:24 PM

Should I still take these steps if I'm on 2.8.8? Or is that safe?

cd34 2012-05-07 10:45 AM

Quote:

Originally Posted by bDok (Post 515954)
Should I still take these steps if I'm on 2.8.8? Or is that safe?

2.8.8 is also affected. There is no fix yet.

bDok 2012-05-08 12:35 AM

Quote:

Originally Posted by cd34 (Post 515970)
2.8.8 is also affected. There is no fix yet.

bah. Applying changes for this then now. Thanx.

bDok 2012-05-12 03:49 PM

2.8.9 is out. Update away!


All times are GMT -4.