2012-05-04, 04:18 PM
|
#1
|
|
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
OpenX Security Notice
http://blog.openx.org/05/security-up...penx-28-users/
Quote:
OpenX takes security seriously. If ever we find an issue, we address it quickly and communicate any updates as soon as possible. A recent security issue with OpenX versions 2.8.0 - 2.8.8 means users of these versions of the platform should take the following steps:
1. Secure their servers by removing the files being exploited:
www/admin/account-settings-debug.php
www/admin/plugin-index.php
www/admin/plugin-settings.php
www/admin/admin-user.php
2. Removing these scripts will impact some of the user/plugin management systems, but will not affect existing users/plugins, and will not affect ad serving.
3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process.
Users can tell if they have been affected by this by checking for a rogue admin user named “openx-manager” in their UI at http://<your_admin_domain>/www/admin/admin-access.php
If the above user is found, it should be removed, and a full security audit should be performed.
We strongly encourage users to lock down their config file. Additionally, users should notify security@openx.com if they ever become aware of a security matter.
|
__________________
SnapReplay.com a different way to share photos - iPhone & Android
|
|
|