Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Users of OpenX versions 2.8.0 – 2.8.8–please read!!

May 5th 2012 in Uncategorized

http://blog.openx.org/05/security-update-for-openx-28-users/

 

“A recent security issue with OpenX versions 2.8.0 – 2.8.8 means users of these versions of the platform should take the following steps:

1. Secure their servers by removing the files being exploited:

  • www/admin/account-settings-debug.php
  • www/admin/plugin-index.php
  • www/admin/plugin-settings.php
  • www/admin/admin-user.php

2. Removing these scripts will impact some of the user/plugin management systems, but will not affect existing users/plugins, and will not affect ad serving.

3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process.

Users can tell if they have been affected by this by checking for a rogue admin user named “openx-manager” in their UI at http://<your_admin_domain>/www/admin/admin-access.php

If the above user is found, it should be removed, and a full security audit should be performed.

We strongly encourage users to lock down their config file. Additionally, users should notify security@openx.com if they ever become aware of a security matter.”


Comments are closed.

Again, it’s not real – and again, hovering over a hyperlink in the email is a dead giveaway…  

Previous Entry

checkingserve.com ICANN Registrar: Register.com Inc Created 24 April 2012 IP: 216.21.239.197 Registrant: Tom Baker (medows_time@yahoo.com) ***** trackingserviced.com ICANN Registrar: Register.com Inc Created 26 April 2012 IP: 216.21.239.197 Registrant: Tom Baker (medows_time@yahoo.com) ***** directionmedian.com ICANN Registrar: […]

Next Entry

Archives