If you run OpenX watch out for this - CRITICAL SECURITY -
 

http://blog.sucuri.net/2010/09/openx...o-upgrade.html

http://blog.openx.org/09/security-up...8OpenX+Blog%29

Many sites are being reported as malicious by Google, causing traffic loss, etc. Hope you find this useful.

nik

Yeah, I got 5 of my sites blocked by google this week because I was using openx. they say I distributed badware though openx

This is why i use commercial scripts rather.

Holy shit! checking that out (upgrading)!

is this happening to sites running that particular update or for all older OpenX versions?

thanks for the info

Such as?

I deleted my OpenX about a year ago.

Thanks for helping that guy out Nikad. I coiuld only see what it was. Not where.

Thanks for the update

Better check your sites. This one hurts like a mother fucker!

Such this shit:
http://smart-scripts.com/?action=smartspots

Glad it was of help! ( as if awms hadn´t been hit hard lately now this :P )

Yea this happened to me and it really crushed me. I got my sites which got hit reconsidered by Google and the malware warning taken off but now my whole network is sandboxed. Really painful and costly shit. :(

Like commercial ones are immune to security loopholes and vulnerabilities.

:2 cents:

yeah a lot of open source stuff has 100's of geeks going over the code rather than a few employed coders of commercial scripts.

OpenX sucks:(

Those fuckers got me, but luckily on only one installation.

There's an update to fix it...

openx rocks and this will be solved...

I have it and I have following problems
- geoip targeting not working for my country
- php includes code not counting hits/clicks
- memcache not working (bad help on this one too)
- banners load slowly the rest of the page, lacking iframe codes...

a few days ago (2) just got an update

do your update

That must have been quite a big security hole if it allowed attackers to inject code into the ad fields.

I never liked openX. They include the Pear library in their download which makes the whole thing huge. Many servers already have pear installed. They should just make it a server requirement instead of including it in the download.

The latest update does not completely solve the problem, you must allow only your server ip address to access any files of this script, otherwise they will get in again. I always loved this script, but the security hole has been there for almost a year...that doesn´t make me happy. I will give it a last chance though, but it gets boring :P

looks like its time to use simple php scripts like those free random banner scripts