Greenguy's Board


Old 2010-09-12, 07:28 AM   #1
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
OpenX was hacked on my server yesterday but all is well now.

Woke up yesterday to find Google malware notices on my TGP.

Big thanks to my host Colo-Cation and cd34 aka Sparky for quickly helping in finding and removing the malware from my banners.

OpenX was hacked and malware code was appended to my banners.

OpenX has been upgraded to the latest version so hopefully this won't happen again.

Naturally all this had to happen on one of the few days that I was away from the computer spending the day on an island.

Thanks to everyone that sent me a heads up on this.

All should be well now.
__________________
Free Rides on Uber and Lyft
Uber Car: uberTzTerri
Lyft Car: TZ896289
Cleo is offline   Reply With Quote
Old 2010-09-12, 10:59 AM   #2
LeRoy
"Young dumb and full of cum"
 
Join Date: Jun 2007
Location: Porn Valley
Posts: 2,370
Seems like Open X is a big target for hackers.

We've had a few issues with Open X also. Too scared to use it again.

Glad to see everything is ok
LeRoy is offline   Reply With Quote
Old 2010-09-12, 01:35 PM   #3
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
It's a fucking mess.

Google now has this in my Webmaster's Tools admin.
"A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate."

The database that browsers use to check if a site has malware needs to propagate and it may take a few days to propagate. Unfortunately the database that says I do have malware is still propagating out and then right behind that one will be the database that says I don't have malware. All this may take a few days.

I'm having to use Firefox with "Block reported attack sites" unchecked in order to surf my own stuff.
Cleo is offline   Reply With Quote
Old 2010-09-12, 01:45 PM   #4
bDok
bang bang
 
Join Date: Mar 2005
Location: SD/OC/LA
Posts: 3,241
That sucks. I need to go and check my OpenX and upgrade I guess ASAP. It's only being used on my newest of blog networks. :/
__________________
submit to Nymphotic
submit to Moistlace
bDok is offline   Reply With Quote
Old 2010-09-12, 02:14 PM   #5
pc
Shift Out / X-On
 
Join Date: Jul 2007
Location: unknown
Posts: 2,298
Monitor your domains to see if they have been put on Google's SafeBrowser Blacklist or Malware list

pc is offline   Reply With Quote
Old 2010-09-12, 03:12 PM   #6
cd34
a.k.a. Sparky
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
While safewatch was/is a good concept, due to a few limiting factors of the way google publishes data, the root domain in cleo's case was not tagged, only the /tgp/ directory.

It is still a good indicator since 99% of the malware will be present on all pages.
__________________
SnapReplay.com a different way to share photos - iPhone & Android
cd34 is offline   Reply With Quote
Old 2010-09-12, 05:54 PM   #7
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
For Safari users I figured out how to turn off the warning so that I can at least surf my own stuff until my domain is removed from the malware database.

Attached Images
File Type: jpg Screen shot 2010-09-12 at 5.51.57 PM.jpg (40.3 KB, 383 views)
Cleo is offline   Reply With Quote
Old 2010-09-12, 09:03 PM   #8
RedCherry
Of all the things I've lost, I miss my mind the most.
 
Join Date: Apr 2004
Location: Middle of the Desert, Pahrump, NV
Posts: 3,187
Just told Cleo in a PM, I just spent hours updating my OpenX. I was on version 2.0.11 and the latest is 2.8. OMG, I had stats for 5 years of banner data, I finally had to dump the log files, the script kept giving me this oh so helpful error:

#! UPGRADE FAILED: tables_core_544
#! omg it all went PEAR shaped! _doQuery: [Error message: Could not execute statement]
[Native message: MySQL server has gone away]

well sorry to hear it gained weight. before that, it had this one file it wanted you to have, but half way through the install, it tried to write to that, it was there, and bombed out.

I'm just glad I got it updated, I went through a hack about a month ago from a banner downloading a trojan, last thing I want is someone hacking OpenX.
RedCherry is offline   Reply With Quote
Old 2010-09-12, 11:20 PM   #9
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
Looks like my site has been cleared in Safari, Firefox and Chrome.

Maybe I can actually get some sleep now.
Cleo is offline   Reply With Quote
Old 2010-09-13, 12:18 AM   #10
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
Sparky gave a good tip.

I chmod 700 OpenX's admin directory so that no one can access it. If I need to add a banner or something it's no big deal to temporarily change it while I need to access it and then change it back after.

At this point I don't really trust OpenX anymore.
Cleo is offline   Reply With Quote
Old 2010-09-13, 08:50 AM   #11
terry
You can now put whatever you want in this space :)
 
Join Date: Apr 2004
Location: Montreal
Posts: 5,883
UGH! I haven't checked my OpenX in a very long time. I guess it's time. Thanks for sharing.
terry is offline   Reply With Quote
Old 2010-09-13, 09:55 AM   #12
RedCherry
Of all the things I've lost, I miss my mind the most.
 
Join Date: Apr 2004
Location: Middle of the Desert, Pahrump, NV
Posts: 3,187
Quote:
Originally Posted by Cleo
Sparky gave a good tip.

I chmod 700 OpenX's admin directory so that no one can access it. If I need to add a banner or something it's no big deal to temporarily change it while I need to access it and then change it back after.

At this point I don't really trust OpenX anymore.
Thanks for the tip, I just did that.

My old version has been hack free for years, knock wood. I don't know if I'd have upgraded it after seeing all the people with recent versions getting hacked in the community forums.
RedCherry is offline   Reply With Quote
Old 2010-09-13, 10:51 AM   #13
LD
wtfwjd?
 
Join Date: May 2007
Posts: 2,103
I can't chmod my admin directory...it keeps changing back to 755. Anyone know why? I'm working with the one in the www folder.
__________________
Artisteer Wordpress Theme Generator Create Custom Themes!
My Little Network
LD is offline   Reply With Quote
Old 2010-09-13, 03:43 PM   #14
MeatPounder
Women might be able to fake orgasms But men can fake whole relationships
 
Join Date: Oct 2003
Location: Fort Lauderdale, Fl
Posts: 2,408
A lot of mainstream sites that are using openx have been hacked lately
MeatPounder is offline   Reply With Quote
Old 2010-09-13, 03:59 PM   #15
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
Quote:
Originally Posted by LD
I can't chmod my admin directory...it keeps changing back to 755. Anyone know why? I'm working with the one in the www folder.
Actually I was thinking that we could htaccess the admin directory and make it require a password.
Cleo is offline   Reply With Quote
Old 2010-09-14, 04:05 AM   #16
bDok
bang bang
 
Join Date: Mar 2005
Location: SD/OC/LA
Posts: 3,241
ok i see i'm at 2.8.3 and 2.8.6 is out. This will be happening tomorrow.
bDok is offline   Reply With Quote
Old 2010-09-14, 07:06 AM   #17
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
Last night I password protected my admin directory using htaccess.
Cleo is offline   Reply With Quote
Old 2010-09-14, 09:25 AM   #18
LD
wtfwjd?
 
Join Date: May 2007
Posts: 2,103
Quote:
Originally Posted by Cleo
Last night I password protected my admin directory using htaccess.
Do you have the code for that?

My OpenX is not working at all right now. I have a trouble ticket in to see what's going on.
LD is offline   Reply With Quote
Old 2010-09-14, 09:36 AM   #19
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
Quote:
Originally Posted by LD
Do you have the code for that?
To password protect a directory.

First go here and encrypt a userID/password.
http://www.e2.u-net.com/htaccess/make.htm

In a directory someplace on your server create a file named.
Code:
.htpasswd
Copy and paste your encrypted userID/password into this file

Now in the directory that you want to protect create a file named
Code:
.htaccess
Place this text in the file, changing the path to your actual path.
Code:
# Full server path to the .htpasswd file created above
AuthUserFile /path/to/your/password/file/.htpasswd
AuthGroupFile /dev/null
AuthName "Whatever You Want The Password Dialog To Be Called"
AuthType Basic
# Not wrapped in <Limit GET POST>, so the password is required for every request method
Require valid-user
Enjoy your much safer admin.
Cleo is offline   Reply With Quote
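Added example, not part of Cleo's post or of OpenX: a small Python check for the .htaccess pattern discussed in this thread. It flags a `Require` placed inside a `<Limit>` block (request methods not listed there are served without a password), a password file stored under the web root, and a missing `Require`. The sample files, their paths and the `lint_htaccess` name are constructed for illustration.

```python
import re

# Constructed sample: the auth rule only applies to GET and POST.
WEAK = '''\
AuthUserFile /home/example/www/admin/.htpasswd
AuthName "Admin"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
'''

# Constructed sample: the same protection applied to every request method.
HARDENED = '''\
AuthUserFile /home/example/private/.htpasswd
AuthName "Admin"
AuthType Basic
Require valid-user
'''

def lint_htaccess(text, docroot):
    """Return a sorted list of finding codes for one .htaccess file."""
    findings = set()
    in_limit = False       # True while inside a <Limit ...> block
    require_seen = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "<Limit " needs whitespace after the name, so <LimitExcept> is not matched.
        if re.match(r"<Limit\s+[^>]*>", line, re.I):
            in_limit = True
        elif re.match(r"</Limit>", line, re.I):
            in_limit = False
        elif re.match(r"require\s+", line, re.I):
            require_seen = True
            if in_limit:
                # Methods not listed in <Limit> bypass the password prompt.
                findings.add("require-inside-limit")
        elif re.match(r"AuthUserFile\s+", line, re.I):
            path = line.split(None, 1)[1].strip('"')
            if path.startswith(docroot.rstrip("/") + "/"):
                findings.add("htpasswd-inside-docroot")
    if not require_seen:
        findings.add("no-require")
    return sorted(findings)

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_htaccess(sample, "/home/example/www"))
```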
Old 2010-09-14, 10:30 AM   #20
LD
wtfwjd?
 
Join Date: May 2007
Posts: 2,103
Excellent, thanks Cleo!
LD is offline   Reply With Quote
Old 2010-09-14, 08:59 PM   #21
cd34
a.k.a. Sparky
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
Appears if you are using anything but the javascript delivery, the admin directory cannot be protected.

LD, in the control panel, you can automatically generate .htaccess/.htpasswd files.
cd34 is offline   Reply With Quote
Old 2010-09-14, 09:12 PM   #22
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
Quote:
Originally Posted by cd34
Appears if you are using anything but the javascript delivery, the admin directory cannot be protected.

LD, in the control panel, you can automatically generate .htaccess/.htpasswd files.
I only use JavaScript delivery so I haven't noticed any issues. What happens with other deliveries? I'm guessing the ads don't show?

Does it work if you chmod 700 the admin directory?

Never noticed the htaccess thing in our control panel but I also never looked for it.
Cleo is offline   Reply With Quote
Old 2010-09-14, 09:24 PM   #23
cd34
a.k.a. Sparky
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
I believe the iframe and php includes try to include a file from the admin directory for some display function. It does indeed break when the admin directory is set to chmod 700.

Javascript delivery appears to have been written after the fact and doesn't use those includes and works when the admin directory is chmod 700.
cd34 is offline   Reply With Quote
Old 2010-09-14, 09:44 PM   #24
LD
wtfwjd?
 
Join Date: May 2007
Posts: 2,103
I'm all protected now, thanks guys.
LD is offline   Reply With Quote
Old 2010-09-14, 10:49 PM   #25
Cleo
Subversive filth of the hedonistic decadent West
 
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
I liked this program a whole lot more back when it was PhpAdsNew. The admin was way less confusing and it did everything that I needed it to do and was simple to use.

It seems like it has turned into bloatware with all kinds of features that are only needed by a few.
Cleo is offline   Reply With Quote
All times are GMT -4.


© Greenguy Marketing Inc