OpenX Serving Malware?

**Bec** · 01-12-2011, 01:19 PM

Some users of OpenX are still reeling and recovering from hacker attacks just last Sept. 2010, when an OpenX banner page hack placed a malicious JavaScript or Iframe into the banner page produced by an OpenX ad server.

This was often accomplished with a plugin and in some other cases the malicious code itself was injected into the OpenX database. Hackers have inserted backdoor scripts, which allow the hacker to obtain remote access to the hacked ad server. In some cases hackers added additional user accounts to the ad server. This was able to infect ad servers running up to version 2.8.6 (check what version you are currently running). OpenX has announced that they patched an undisclosed vulnerability in version 2.8.7, they also have a post with advice on cleaning up after a hack that took advantage of this. A previous hack infected ad servers last December, 2009 and was patched in version 2.8.3

And now from Sucuri.net, a blog that does research and tracks website hacking and blacklisting, came this post on Jan. 7th, 2011:

We are tracking a few sites that are currently blacklisted and showing a warning from Google that openx.org (home of a popular open source ad server) is the site responsible for the infection: 2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including openx.org/.

By looking at the diagnostic page for openx.org itself, it shows:Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, openx.org appeared to function as an intermediary for the infection of 82 site(s) including solovenezolanas.com/, thelocal.de/, drtuber.com/.

We are still tracking to see which ads are causing the issue, or if the openx servers themselves are compromised. If you include the tracking code from openx.org, we recommend that you check to see if there isn’t any malicious code being pushed to your users.

I was considering using this script, but am a bit leary of doing so now. Even being "hardened" with all the security Wordpress script upgrades, this one worries me. Anyone here have any experience with dealing with the OpenX issues?

**HunkyLuke** · 01-12-2011, 04:53 PM

I have heard of issues like this as well, I also read that protecting the admin directory with an .htaccess / .htpasswd stops these types of attacks so that is what I did....but, yeah, its still a bit of a worry!!!

**nicedreams** · 01-12-2011, 06:57 PM

We were using it until one of our sites got blocked by google because it got malware from openx. It took 2 months to get the compromise message off google.

Jimmy