If you run OpenX watch out for this - CRITICAL SECURITY -

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • nikad
    Confirmed User
    • Jan 2004
    • 2579

    #1

    If you run OpenX watch out for this - CRITICAL SECURITY -

    http://blog.sucuri.net/2010/09/openx...o-upgrade.html

    http://blog.openx.org/09/security-up...8OpenX+Blog%29

    Many sites are being reported as malicious by Google, causing traffic loss, etc. Hope you find this useful.

    nik

    The Filthy Few

    [email protected]
  • Rick Diculous
    Confirmed User
    • Jul 2008
    • 2384

    #2
    Yeah, I got 5 of my sites blocked by google this week because I was using openx. they say I distributed badware though openx

    Comment

    • Klen
      • Aug 2006
      • 32235

      #3
      This is why i use commercial scripts rather.

      Comment

      • strobi
        Confirmed User
        • Nov 2002
        • 7383

        #4
        Holy shit! checking that out (upgrading)!

        Comment

        • TheMaster
          Confirmed User
          • Nov 2003
          • 2734

          #5
          is this happening to sites running that particular update or for all older OpenX versions?

          Comment

          • MaDalton
            I am Amazing Content!
            • Feb 2004
            • 39861

            #6
            thanks for the info
            AmazingContent.com - providing only the best content and service since 2003
            Monetize your content on Veegaz.com - one of Germanies largest VOD sites
            Got German traffic? We convert it into money for you!
            Email: oltecconsult [at] gmail [dot] com

            Comment

            • DWB
              Registered User
              • Jul 2003
              • 31779

              #7
              Originally posted by KlenTelaris
              This is why i use commercial scripts rather.
              Such as?

              Comment

              • Dating Port
                Useless As Ever
                • Jan 2009
                • 731

                #8
                I deleted my OpenX about a year ago.

                Thanks for helping that guy out Nikad. I coiuld only see what it was. Not where.
                Last edited by Dating Port; 09-18-2010, 08:21 AM.
                Email: admin[at]datingport.co.uk - ICQ: 456416181
                It's amazing what you (L)earn when you put some effort into it!

                Comment

                • GTS Mark
                  Vrume Mark
                  • Jan 2001
                  • 20912

                  #9
                  Thanks for the update

                  Comment

                  • LeRoy
                    Porn Pusher
                    • Jul 2007
                    • 13364

                    #10
                    Better check your sites. This one hurts like a mother fucker!
                    JAPANESE CAMS AND CONTENT SITES
                    Teams - leroy.rowland2
                    Telegram - @lroddd

                    Comment

                    • Klen
                      • Aug 2006
                      • 32235

                      #11
                      Originally posted by DirtyWhiteBoy
                      Such as?
                      Such this shit:
                      http://smart-scripts.com/?action=smartspots

                      Comment

                      • nikad
                        Confirmed User
                        • Jan 2004
                        • 2579

                        #12
                        Glad it was of help! ( as if awms hadn´t been hit hard lately now this :P )

                        The Filthy Few

                        [email protected]

                        Comment

                        • cykoe6
                          Confirmed User
                          • Apr 2005
                          • 4499

                          #13
                          Yea this happened to me and it really crushed me. I got my sites which got hit reconsidered by Google and the malware warning taken off but now my whole network is sandboxed. Really painful and costly shit.
                          бабки, шлюхи, сила

                          Comment

                          • Vick!
                            Confirmed User
                            • Nov 2005
                            • 6882

                            #14
                            Originally posted by KlenTelaris
                            This is why i use commercial scripts rather.
                            Like commercial ones are immune to security loopholes and vulnerabilities.

                            Affordable Quality Web Hosting

                            Comment

                            • roly
                              Confirmed User
                              • Aug 2002
                              • 1844

                              #15
                              Originally posted by Vick!
                              Like commercial ones are immune to security loopholes and vulnerabilities.

                              yeah a lot of open source stuff has 100's of geeks going over the code rather than a few employed coders of commercial scripts.
                              Last edited by roly; 09-18-2010, 12:06 PM.

                              Comment

                              • Hawkins
                                Confirmed User
                                • Oct 2007
                                • 149

                                #16
                                OpenX sucks
                                Sell your clips at Faphouse!
                                Get juicy rebills on cams with Stripcash!

                                Comment

                                • tiger
                                  Confirmed User
                                  • Apr 2002
                                  • 6986

                                  #17
                                  Those fuckers got me, but luckily on only one installation.

                                  Comment

                                  • CyberHustler
                                    Masterbaiter
                                    • Feb 2006
                                    • 28750

                                    #18
                                    I dropped openx right on time... sucks for some of you guys though.
                                    “If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”

                                    Comment

                                    • signupdamnit
                                      Confirmed User
                                      • Aug 2007
                                      • 6697

                                      #19
                                      There's an update to fix it...

                                      You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.

                                      Comment

                                      • HomerSimpson
                                        Too lazy to set a custom title
                                        • Sep 2005
                                        • 13826

                                        #20
                                        openx rocks and this will be solved...

                                        Originally posted by KlenTelaris
                                        I have it and I have following problems
                                        - geoip targeting not working for my country
                                        - php includes code not counting hits/clicks
                                        - memcache not working (bad help on this one too)
                                        - banners load slowly the rest of the page, lacking iframe codes...
                                        Make a bank with Chaturbate - the best selling webcam program
                                        Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

                                        PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

                                        Comment

                                        • hdkiller
                                          Full time cybermage
                                          • Jun 2006
                                          • 461

                                          #21
                                          a few days ago (2) just got an update

                                          do your update
                                          ClickPapa! - Buy and Sell traffic

                                          Comment

                                          • Davy
                                            Confirmed User
                                            • Apr 2006
                                            • 4323

                                            #22
                                            That must have been quite a big security hole if it allowed attackers to inject code into the ad fields.

                                            I never liked openX. They include the Pear library in their download which makes the whole thing huge. Many servers already have pear installed. They should just make it a server requirement instead of including it in the download.
                                            ---
                                            ICQ 14-76-98 <-- I don't use this at all

                                            Comment

                                            • nikad
                                              Confirmed User
                                              • Jan 2004
                                              • 2579

                                              #23
                                              The latest update does not completely solve the problem, you must allow only your server ip address to access any files of this script, otherwise they will get in again. I always loved this script, but the security hole has been there for almost a year...that doesn´t make me happy. I will give it a last chance though, but it gets boring :P

                                              The Filthy Few

                                              [email protected]

                                              Comment

                                              • stonehammer
                                                Confirmed User
                                                • Feb 2008
                                                • 1430

                                                #24
                                                looks like its time to use simple php scripts like those free random banner scripts
                                                GFY Educational Series: Buying Skimmed Traffic for Websites

                                                Comment

                                                Working...