Comments for OpenX Consultant Erik Geurts http://www.openxconsultant.com Offering information and support for the OpenX Ad Server Wed, 14 Apr 2010 17:45:33 +0000 http://wordpress.org/?v=2.9.2 hourly 1 Comment on Attacks on OpenX v2.8.2 installations reported by Erik Geurts http://www.openxconsultant.com/blog/2010/04/attacks-on-openx-v2-8-2-installations-reported/comment-page-1/#comment-183 Erik Geurts Wed, 14 Apr 2010 17:45:33 +0000 http://www.openxconsultant.com/?p=445#comment-183 Hi Will, Tait, I'm very sorry to hear that you've been hit by this, as have been many others. I would like to recommend that you contact <a href="http://www.beccati.com/" rel="nofollow">Matteo Beccati</a>, he is almost certainly able to help you with the clean-up efforts. Good luck, Erik Geurts Hi Will, Tait,

I’m very sorry to hear that you’ve been hit by this, as have been many others. I would like to recommend that you contact Matteo Beccati, he is almost certainly able to help you with the clean-up efforts.

Good luck, Erik Geurts

]]> Comment on Attacks on OpenX v2.8.2 installations reported by Tait http://www.openxconsultant.com/blog/2010/04/attacks-on-openx-v2-8-2-installations-reported/comment-page-1/#comment-182 Tait Wed, 14 Apr 2010 13:14:44 +0000 http://www.openxconsultant.com/?p=445#comment-182 Hey Erik, Do you know what entries were made in the DB that caused the stats to not show up? Thanks! Hey Erik,

Do you know what entries were made in the DB that caused the stats to not show up?

Thanks!

]]> Comment on Attacks on OpenX v2.8.2 installations reported by Will Willis http://www.openxconsultant.com/blog/2010/04/attacks-on-openx-v2-8-2-installations-reported/comment-page-1/#comment-181 Will Willis Tue, 13 Apr 2010 22:44:33 +0000 http://www.openxconsultant.com/?p=445#comment-181 I just found that I've been hit with this attack. I moved the install.php file out of www/admin/ and I deleted the new admin account. Any idea how I can get my stats back? I just found that I’ve been hit with this attack. I moved the install.php file out of www/admin/ and I deleted the new admin account. Any idea how I can get my stats back?

]]> Comment on Attacks on OpenX v2.8.2 installations reported by Matteo Beccati http://www.openxconsultant.com/blog/2010/04/attacks-on-openx-v2-8-2-installations-reported/comment-page-1/#comment-180 Matteo Beccati Tue, 13 Apr 2010 09:57:26 +0000 http://www.openxconsultant.com/?p=445#comment-180 I've just reported the attacker IP address to the abuse account of the Italian ISP (Fastweb). Quickly translated email follows: <cite> Hi, I've been contacted by many customers around the world to solve the issues caused by an attack exploiting a vulnerability of the popular open source ad server OpenX (www.openx.org). The mass infection took place on Saturday April 10 between 1pm and 2pm Italian time and it was coming from an IP address belonging to your network: 62.101.68.213. Here are some excerpts from web server logs that I verified myself: <code> 62.101.68.213 - - [10/Apr/2010:07:46:56 -0400] "GET /admin/index.php HTTP/1.1" 200 1388 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:07:46:56 -0400] "POST /admin/install.php HTTP/1.1" 200 1529 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:07:46:57 -0400] "POST /admin/index.php HTTP/1.1" 200 1438 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:07:46:57 -0400] "GET /admin/account-switch.php?account_id=1 HTTP/1.1" 200 1378 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:07:46:58 -0400] "POST /admin/plugin-index.php HTTP/1.1" 200 1367 "-" "Mozilla/5.0 (Windows)" </code> <code> 62.101.68.213 - - [10/Apr/2010:04:47:17 -0700] "GET /openx/www/admin/index.php HTTP/1.1" 200 4420 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:04:47:21 -0700] "POST /openx/www/admin/install.php HTTP/1.1" 200 3688 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:04:47:23 -0700] "POST /openx/www/admin/index.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:04:47:26 -0700] "GET /openx/www/admin/account-switch.php?account_id=1 HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:04:47:29 -0700] "POST /openx/www/admin/plugin-index.php HTTP/1.1" 200 4248 "-" "Mozilla/5.0 (Windows)" 62.101.68.213 - - [10/Apr/2010:04:47:32 -0700] "GET /openx/plugins/bannerTypeHtml/oxHtml/genericHtml.delivery.php HTTP/1.1" 200 175 "-" "Mozilla/5.0 (Windows)" </code> </cite> I’ve just reported the attacker IP address to the abuse account of the Italian ISP (Fastweb).

Quickly translated email follows:

Hi,

I’ve been contacted by many customers around the world to solve the issues caused by an attack exploiting a vulnerability of the popular open source ad server OpenX (www.openx.org).

The mass infection took place on Saturday April 10 between 1pm and 2pm Italian time and it was coming from an IP address belonging to your network: 62.101.68.213.

Here are some excerpts from web server logs that I verified myself:

62.101.68.213 - - [10/Apr/2010:07:46:56 -0400] "GET /admin/index.php HTTP/1.1" 200 1388 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:07:46:56 -0400] "POST /admin/install.php HTTP/1.1" 200 1529 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:07:46:57 -0400] "POST /admin/index.php HTTP/1.1" 200 1438 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:07:46:57 -0400] "GET /admin/account-switch.php?account_id=1 HTTP/1.1" 200 1378 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:07:46:58 -0400] "POST /admin/plugin-index.php HTTP/1.1" 200 1367 "-" "Mozilla/5.0 (Windows)"


62.101.68.213 - - [10/Apr/2010:04:47:17 -0700] "GET /openx/www/admin/index.php HTTP/1.1" 200 4420 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:04:47:21 -0700] "POST /openx/www/admin/install.php HTTP/1.1" 200 3688 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:04:47:23 -0700] "POST /openx/www/admin/index.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:04:47:26 -0700] "GET /openx/www/admin/account-switch.php?account_id=1 HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:04:47:29 -0700] "POST /openx/www/admin/plugin-index.php HTTP/1.1" 200 4248 "-" "Mozilla/5.0 (Windows)"
62.101.68.213 - - [10/Apr/2010:04:47:32 -0700] "GET /openx/plugins/bannerTypeHtml/oxHtml/genericHtml.delivery.php HTTP/1.1" 200 175 "-" "Mozilla/5.0 (Windows)"

]]> Comment on Attacks on OpenX v2.8.2 installations reported by Craig Payne http://www.openxconsultant.com/blog/2010/04/attacks-on-openx-v2-8-2-installations-reported/comment-page-1/#comment-179 Craig Payne Tue, 13 Apr 2010 09:38:32 +0000 http://www.openxconsultant.com/?p=445#comment-179 Erik Thanks for staying on top of this. As you know I have been watching the forum posts and reports nervously about my installation. No problems yet. CP Erik

Thanks for staying on top of this. As you know I have been watching the forum posts and reports nervously about my installation. No problems yet.

CP

]]> Comment on OpenX Ad Server v2.8.5 released for download by Erik Geurts http://www.openxconsultant.com/blog/2010/03/openx-ad-server-v2-8-5-released-for-download/comment-page-1/#comment-173 Erik Geurts Tue, 30 Mar 2010 12:20:37 +0000 http://www.openxconsultant.com/?p=438#comment-173 Hi Alex, Thanks for your input and report. I'm afraid I don't have a solution for this, but perhaps there is another reader that has an idea. Regards, Erik Geurts Hi Alex,

Thanks for your input and report. I’m afraid I don’t have a solution for this, but perhaps there is another reader that has an idea.

Regards, Erik Geurts

]]> Comment on OpenX Ad Server v2.8.5 released for download by Alex Aranda http://www.openxconsultant.com/blog/2010/03/openx-ad-server-v2-8-5-released-for-download/comment-page-1/#comment-172 Alex Aranda Tue, 30 Mar 2010 11:56:52 +0000 http://www.openxconsultant.com/?p=438#comment-172 Hi Erik, I agree with you this seems very strange. I have been trying to install OpenX 2.8.4 / 2.8.5 and have encountered the following errors: OpenX v2.8.4 running on Apache 2.2.3, PHP 5.1.6 and MySQL 5.0.77-. The following error on clicking the "Inventory setup wizard": Fatal error: Call to undefined method Zend_View_Helper_Placeholder_Container::ksort() in /var/www/vhosts/visitarlondres.com/httpdocs/anuncios/www/admin/plugins/openXWorkflow/library/Zend/View/Helper/HeadLink.php on line 310 For 2.8.5 I cannot pass the second screen that asks for your openx.org details, seems like the lower part of the page is missing. Any ideas? Hi Erik, I agree with you this seems very strange. I have been trying to install OpenX 2.8.4 / 2.8.5 and have encountered the following errors:

OpenX v2.8.4 running on Apache 2.2.3, PHP 5.1.6 and MySQL 5.0.77-.

The following error on clicking the “Inventory setup wizard”:

Fatal error: Call to undefined method Zend_View_Helper_Placeholder_Container::ksort() in /var/www/vhosts/visitarlondres.com/httpdocs/anuncios/www/admin/plugins/openXWorkflow/library/Zend/View/Helper/HeadLink.php on line 310

For 2.8.5 I cannot pass the second screen that asks for your openx.org details, seems like the lower part of the page is missing.

Any ideas?

]]> Comment on OpenX Ad Server v2.8.5 released for download by Erik Geurts http://www.openxconsultant.com/blog/2010/03/openx-ad-server-v2-8-5-released-for-download/comment-page-1/#comment-171 Erik Geurts Mon, 29 Mar 2010 13:27:17 +0000 http://www.openxconsultant.com/?p=438#comment-171 Hi Rubén, Thanks for your response. I wrote this blog post well before the recent reports about potential security problems. It's usually a good idea to stay up to date with the most recent versions of software. However, in the case of OpenX v2.8.5 I'm not entirely convinced yet. Best regards, Erik Geurts Hi Rubén,

Thanks for your response. I wrote this blog post well before the recent reports about potential security problems. It’s usually a good idea to stay up to date with the most recent versions of software. However, in the case of OpenX v2.8.5 I’m not entirely convinced yet.

Best regards, Erik Geurts

]]> Comment on OpenX Ad Server v2.8.5 released for download by Rubén http://www.openxconsultant.com/blog/2010/03/openx-ad-server-v2-8-5-released-for-download/comment-page-1/#comment-169 Rubén Thu, 25 Mar 2010 09:38:23 +0000 http://www.openxconsultant.com/?p=438#comment-169 Thanks Erik about your warning. Unfortunately I read your post after I did an upgrade of all of our OpenX servers. We did this after a serious security problem. Thanks anyway. Thanks Erik about your warning. Unfortunately I read your post after I did an upgrade of all of our OpenX servers. We did this after a serious security problem.

Thanks anyway.

]]> Comment on OpenX Ad Server v2.8.4 announced by Erik Geurts http://www.openxconsultant.com/blog/2010/01/openx-ad-server-v2-8-4-announced/comment-page-1/#comment-136 Erik Geurts Thu, 28 Jan 2010 09:59:36 +0000 http://www.openxconsultant.com/?p=346#comment-136 <em>Update January 28, 2010</em>: <a href="http://www.openxconsultant.com/blog/2010/01/openx-ad-server-v2-8-4-released-for-download/" rel="nofollow">OpenX Ad Server v2.8.4 is now available for downloading</a> Update January 28, 2010: OpenX Ad Server v2.8.4 is now available for downloading

]]>