Warning: OpenX Exploits

Warning to anyone using OpenX on their sites or server. It’s now being used by hackers to insert malware and exploits. My own install was used for that reason after an attack yesterday (fixed now).

I would highly recommend anyone using Open X to take action before it happens to you.

I’ve temporarily also disabled adverts on this forum due to the above reason.

Re: Warning: OpenX Exploits

http://www.smart-scripts.com/?action=smartspots is a good replacement. It’s just $50 and used by big networks like www.bravomediagroup.com.

Re: Warning: OpenX Exploits

Glad I got rid of OpenX because it doesn’t support PHP 5.4 and not this reason :\ Good luck.

Re: Warning: OpenX Exploits

I’ve used Smart Scripts before but not keen on using them again… I’m going to create my own script instead. The only way I can be totally sure there are no backdoors or exploits.

Re: Warning: OpenX Exploits

I’m disappointed about the lack of IMPORTANT features of their scripts too, but for a small webmaster it could be a reasonable price for a good product.
I agree that custom things are always better.

Re: Warning: OpenX Exploits

[QUOTE=DudesSimon;121516]I’m disappointed about the lack of IMPORTANT features of their scripts too, but for a small webmaster it could be a reasonable price for a good product.
I agree that custom things are always better.[/QUOTE]

Whatever I create custom will be lacking too but no choice. I don’t want to rely on a 3rd party script again that might cause issues or no longer be supported.

Re: Warning: OpenX Exploits

What version were you running?

Re: Warning: OpenX Exploits

Bjorn- If you want I can help you with this, I replaced OpenX with a script which substantially replaces the forward-facing aspects of OpenX (ad rotation, sponsors, sites). I don’t use all of OpenX’s features so the backend functionality of weighting etc is not really developed, and I haven’t gotten around to doing a script to front-end the statistics etc.

EDIT: it’s a script I wrote, not one of the pre-made ones which universally seemed awful.

Re: Warning: OpenX Exploits

The latest release I think, but they haven’t updated that for a long time now. They just stopped. Even their own hosted version is listed as a source of malware and viruses. Strange they haven’t even closed down the security holes on the paid / hosted version either.

Re: Warning: OpenX Exploits

[QUOTE=romancexcore;121519]Bjorn- If you want I can help you with this, I replaced OpenX with a script which substantially replaces the forward-facing aspects of OpenX (ad rotation, sponsors, sites). I don’t use all of OpenX’s features so the backend functionality of weighting etc is not really developed, and I haven’t gotten around to doing a script to front-end the statistics etc.

EDIT: it’s a script I wrote, not one of the pre-made ones which universally seemed awful.[/QUOTE]

Thanks for the offer. I think I have my own replacement though, using a script I’m familiar with and customizing it.

Re: Warning: OpenX Exploits

Ah, okay. Not a big challenge since it would be difficult to make a script that worked worse, have to build in random infinite loops and incompatibilities :confused:

Re: Warning: OpenX Exploits

I had a little briefing about that with GTP. We use OpenX to handle the adv in our members area. Since it works in a protected area we are safe but I don’t want to use buggy software. Anyway we’ll give the developer a week to fix the issue, then we’ll migrate to another solution.
It seems impossible to me that such a popular script won’t be fixed in a reasonable time.
We’ll see.

Re: Warning: OpenX Exploits

Isn’t this the basic problem with using open-source anything? Or am I confused because the product name is Open X?

Seems to me that open-source software, Wordpress plugins and free themes are all great while they’re being maintained, but as soon as the originators lose interest they just become a risk to use.

Re: Warning: OpenX Exploits

[QUOTE=dzinerbear;121548]Isn’t this the basic problem with using open-source anything? Or am I confused because the product name is Open X?

Seems to me that open-source software, Wordpress plugins and free themes are all great while they’re being maintained, but as soon as the originators lose interest they just become a risk to use.[/QUOTE]

Commercial scripts have the same problem. If the developer thinks that the product isn’t profitable he drops it.
It’s happened before. Think about JMB Script, Arylia … .

Re: Warning: OpenX Exploits

[QUOTE=dzinerbear;121548]Isn’t this the basic problem with using open-source anything? Or am I confused because the product name is Open X?

Seems to me that open-source software, Wordpress plugins and free themes are all great while they’re being maintained, but as soon as the originators lose interest they just become a risk to use.[/QUOTE]

I guess we better drop all the open-source software then, run for the exits… Gotta get rid of that dangerous Apache server, nginx, Firefox, Chrome, all those unreliable Linuxes like CentOS/Debian/Ubuntu, Wordpress… or maybe wonder what could be wrong that you’re having trouble getting Aldus Freehand to load these days.

Re: Warning: OpenX Exploits

You don’t have to drop open-source software and run for the exits, you just need to factor in things like what happened with Bjorn. A program that he became dependent on fell into disrepair because the original creator wasn’t updating the product, that left him vulnerable to hacking, malware was uploaded to his server, which resulted in Google flagging his site and killing a great deal of his traffic for a day. So this “free” open-source software cost him a day’s worth of his time to tend to the problem, a day’s worth of traffic from Google, unknown losses in sales, and perhaps this even put off a few visitors who may never come back to the site because they’ll have that malware warning lingering in their heads. And now he’s got to find or develop a new solution, which amounts to more time and money.

I guess my point is that you get what you pay for. Some open-source stuff is great and is maintained properly.

But neither am I saying that paying for software is always the way to go. A tool called Lightning that came with the last version of Word Perfect I bought suddenly stopped working when IE 8 came out. Lightning was just a simple tool allowing you to keep passwords, notes, snippets of code, whatever you wanted easily at hand. But I liked it and became dependent on it. Word Perfect has done nothing to fix the problem, they just seem to have thrown their hands up in the air and said, “Oh well, sorry IE 8 broke it.”

Re: Warning: OpenX Exploits

There are people and companies that harden these applications on a continuing basis, e.g. ServerStack. You could buy their services.
There are others that have managed services. Maybe not as good as the hardened service ServerStack has.

And further the OpenX community is very active as well.
http://forum.openx.org/

Or
http://www.openx.com/community

Re: Warning: OpenX Exploits

Well exactly. No software is impervious.

Re: Warning: OpenX Exploits

[QUOTE=gumdrop;121554]There are people and companies that harden these applications on a continuing basis, e.g. ServerStack. You could buy their services.
There are others that have managed services. Maybe not as good as the hardened service ServerStack has.

And further the OpenX community is very active as well.
http://forum.openx.org/

Or
http://www.openx.com/community[/QUOTE]

The community might be active but they don’t update the freeware. Anyone who continues to use them can get hacked at any time.

Not only that, OpenX’s own hosted solution and site is still listed as a source of spreading malware. Would you pay a company to host your advertising solution when they are seen by Google as a dangerous site or spreading malware?

Re: Warning: OpenX Exploits

Same reason why you pay Nat Net or Gossamer to host your Linux distro and Apache etc. You don’t have to use OpenX to host it. As I said, there are companies that harden those applications, like ServerStack.