0 Members and 1 Guest are viewing this topic.

Offline AshSimmonds

  • Geekitecht

  • Joined: Feb 2006

  • Drives: GF's shitbox :(
  • Location: Adelayed
  • Name: Humble Narrator
  • www: AshSimmonds.com
Just a quick note for any folks running a site and using the OpenX banner ad serving software, this morning AE was hit by an attack where an IFRAME was embedded within the banner script which requests data from a malware site.

In our case the actual link was:

Code: [Select]
<iframe src="" width="1" height="1" hspace="0" vspace="0" frameborder="0" scrolling="no"></iframe>
...which for some reason is a Google server, so if you are logged into your Google account, Google's break out of frames script would redirect you back to Google homepage.

The IP inserted is different on many other people's servers, you can find them by Googling OpenX tds/in.cgi.

The basics are that the malware iframe code was injected into the MySQL database somehow into the "Append and prepend settings" in OpenX where it tells the server to "Always append the following HTML code to banners displayed by this zone".

Just remove that append code and it's fixed - but it will be annoying if you're running dozens of banners, lucky for me we don't have many advertisers yet.  :thumbsup:

I think I'll be using this opportunity to move away from OpenX, anyone tried Google Ad Manager/DoubleClick for Publishers?

Here's an example of what it looks like in the admin part of the banner, and where the code has been injected:

Latest Discussions

[ McLaren ] 675 LT Spider JPG Yesterday at 23:20
[ Racing ] 2017 Formula 1 Tipping game PA Yesterday at 20:43
[ Racing ] Seeking photos of Brian Ginger - died in 1993 London-Sydney Marathon Chicky01 Yesterday at 17:38
[ Ferrari ] 812 Superfast shack Yesterday at 16:57
[ Funny Cool Stoopid ] it's funny cause i'm drunk!! dodger Yesterday at 16:20
[ Racing ] Australian GT series dkabab Yesterday at 13:32
[ Off Topic ] Real Estate 360c Yesterday at 11:48
[ British Cars ] JAGUAR XJ220 tdc911 Fri, 24 Mar, 2017 - 17:36
[ Air Crash Investigations ] For those thinking of a private jet dkabab Fri, 24 Mar, 2017 - 17:32
[ Racing ] Lola Larousse LC88 goober Fri, 24 Mar, 2017 - 17:17