Add new comment

Ad servers hit by rogue plug-in

A site owner whose web team spent 100 hours trying to figure out the reason for their site being compromised finally isolated the problem. They gave us permission to share the following information, which we are reproducing here. Please note that we have not verified the details of this report, and we present it as-is for informational purposes only. If anyone has more information on this attack, please let us know in the comments or by e-mail at contact@stopbadware.org.

A group registered in Russia and constantly moving around Scandavavia on a daily basis using the domain newtickepicker.com has hacked into many of the OpenX Ad servers including ours to insert a plug in.  It then places itself into a one pixel unit on a graphic position for an advertisement. The plugin is called "mergedDeliveryFunctions.php."

Update 3/22/10: A couple members of the community pointed out this recommendation to help protect OpenX Ad servers from being compromised in the future.

Tags: 
adnetworks, exploits, websites

More information about text formats

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.