*Note that openx.org is currently offline, so we recommend disabling it until you can upgrade.
**We are mirroring version 2.8.7 here: http://sucuri.net/openx-2.8.7.tar.gz if you don’t want to wait until openx is back online.
***If your site is hacked/blacklisted and you need help, email us at email@example.com
If you are using OpenX, make sure to upgrade it to the latest version (2.8.7) as soon as possible.
Older versions have a known vulnerability that is being exploited in the wild.
This is the announcement from the OpenX team (their site is offline, so I am copying in here):
Security is an important priority at OpenX and we’re constantly working to provide security patches and bug fixes as soon as we become aware of any potential issue. As these issues are discovered, we validate, patch and release as quickly as we can. But it’s important to understand that avoiding potential security issues also requires server administrators to be vigilant and upgrade their systems to new, patched versions as soon as they become available.
It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised. We have already closed this vulnerability with the latest version of our software. To avoid this issue, we recommend that all users immediately upgrade their systems to 2.8.7.
You can download the new version here: http://www.openx.org/ad-server/download (also offline, but hopefully it will be back soon).
Example of malware being used in the wild: http://sucuri.net/malware/entry/MW:IFRAME:HD36
If you can’t upgrade, make sure to delete the following file: admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php
We will post more details as we learn.