
Sucuri Blog

Website Security News


OpenX users – Time to upgrade

September 16, 2010 | David Dede


*Note that openx.org is currently offline, so we recommend disabling it until you can upgrade.
**We are mirroring version 2.8.7 here: http://sucuri.net/openx-2.8.7.tar.gz if you don’t want to wait until openx is back online.
***If your site is hacked/blacklisted and you need help, email us at support@sucuri.net

If you are using OpenX, make sure to upgrade it to the latest version (2.8.7) as soon as possible.

Older versions have a known vulnerability that is being exploited in the wild.

This is the announcement from the OpenX team (their site is offline, so I am copying it here):

Security is an important priority at OpenX and we’re constantly working to provide security patches and bug fixes as soon as we become aware of any potential issue. As these issues are discovered, we validate, patch and release as quickly as we can. But it’s important to understand that avoiding potential security issues also requires server administrators to be vigilant and upgrade their systems to new, patched versions as soon as they become available.

It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised. We have already closed this vulnerability with the latest version of our software. To avoid this issue, we recommend that all users immediately upgrade their systems to 2.8.7.

You can download the new version here: http://www.openx.org/ad-server/download (also offline, but hopefully it will be back soon).

Example of malware being used in the wild: http://sucuri.net/malware/entry/MW:IFRAME:HD36

If you can’t upgrade, make sure to delete the following file: admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php

We will post more details as we learn.


Categories: Vulnerability Disclosure
Tags: Hacked Websites

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Comments

  1. picajoso

    September 16, 2010

    We've been affected by this too. I've downloaded OpenX 2.8.7 from here:
    http://download.openx.org/openx-2.8.7.tar.bz2
    http://download.openx.org/openx-2.8.7.tar.gz
    http://download.openx.org/openx-2.8.7.zip

    In case you're interested. The links work even though the website doesn't.

    Anyway, I'm not sure the upgrade will be enough. I really don't know if the malware has spread to the database or the OpenX files in some way, and don't know either if there's some easy way to check this.

  2. Joe

    September 16, 2010

    [quote] I'm not sure the upgrade will be enough. I really don't know if the malware has spread to the database or the OpenX files in some way [/quote]

    It's not the patch's job to clean up your data and chase down malware which has been pushed to your machine, just to plug the vulnerability.

  3. Francia

    September 16, 2010

    Does anybody know if this vulnerability affects 2.4.X versions?

  4. End User

    September 16, 2010

    Update is not enough. You need to check DB tables for zones, banners and users.
    Look for the append and prepend code in the zones and banners table. Check users to see if one or two were added recently.

    You can also check the audit trail to help hunt down the issue.

  5. theguy

    September 16, 2010

    We were attacked by this early today. Javascript code was added to the prepend and append columns in the ox_zones tables. Also the ox_banners table. 2 new users were added in the ox_users table. Make sure to remove this data from the DB.

  6. picajoso

    September 16, 2010

    That's exactly what we have done: after upgrading we have checked the database, and there were in fact several issues:

    – Codes in the append and prepend fields on the ox_zones and ox_banners
    – New users in the ox_users
    – Several entries on ox_audit

    I've cleaned everything I found but… could it be possible that some infected file could cause the auto-generation of new codes/users and its insertion on those tables? We thought that we were finished, but ten minutes ago we found new corrupted data on our OpenX DB 🙁

  7. picajoso

    September 17, 2010

    In case you're interested, the OpenX team has posted an article about the vulnerability and the process to clean everything:
    http://blog.openx.org/09/security-update-how-to-s…

    Hope this helps!

  8. Boris Delev

    September 17, 2010

    You can delete variables of "append" and "prepend" elements in table banners & ox_zones. Then you must check your computer for viruses and test all users of openx system.

  9. OpenX Reviews

    December 27, 2010

    Always check new versions for OpenX. It provides security.
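
The database checks described in the comments above (script code in the prepend and append columns of ox_zones and ox_banners, and recently added rows in ox_users), as an added example that is not part of the original post or of OpenX. The id columns (zoneid, bannerid), the username and date_created columns, the regular expression and the SQLite sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# Markup that should not appear in prepend/append unless an admin put it there.
SUSPICIOUS = re.compile(r"<\s*(script|iframe)\b|document\.write|eval\s*\(", re.I)
# Assumed id columns; the page names only the tables and the prepend/append columns.
TABLES = {"ox_zones": "zoneid", "ox_banners": "bannerid"}

def find_injected(conn):
    """Return (table, id, column) for each suspicious prepend/append value."""
    hits = []
    for table, idcol in TABLES.items():  # fixed names, never user input
        query = f'SELECT {idcol}, "prepend", "append" FROM {table} ORDER BY {idcol}'
        for row_id, prepend, append in conn.execute(query):
            for col, val in (("prepend", prepend), ("append", append)):
                if val and SUSPICIOUS.search(val):
                    hits.append((table, row_id, col))
    return hits

def recent_users(conn, since):
    """Return usernames created on or after `since` ('YYYY-MM-DD HH:MM:SS')."""
    rows = conn.execute(
        "SELECT username FROM ox_users WHERE date_created >= ? "
        "ORDER BY date_created", (since,))
    return [r[0] for r in rows]

def build_sample_db():
    """Constructed sample rows in SQLite, standing in for the OpenX database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ox_zones (zoneid INTEGER PRIMARY KEY, "prepend" TEXT, "append" TEXT);
        CREATE TABLE ox_banners (bannerid INTEGER PRIMARY KEY, "prepend" TEXT, "append" TEXT);
        CREATE TABLE ox_users (username TEXT, date_created TEXT);
        INSERT INTO ox_zones VALUES (1, '', '');
        INSERT INTO ox_zones VALUES (2, '', '<script src="http://injected.example/x.js"></script>');
        INSERT INTO ox_banners VALUES (1, '<iframe src="http://injected.example/"></iframe>', '');
        INSERT INTO ox_users VALUES ('admin', '2009-03-01 10:00:00');
        INSERT INTO ox_users VALUES ('unknown1', '2010-09-16 04:12:00');
        INSERT INTO ox_users VALUES ('unknown2', '2010-09-16 04:13:00');
    """)
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    for hit in find_injected(db):
        print("review:", hit)
    print("users added since cutoff:", recent_users(db, "2010-09-01 00:00:00"))
```

Against a live install, run the same two SELECTs on the OpenX database itself and review every hit by hand, since a zone may carry prepend/append code that an administrator added on purpose.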
