Last Update November 14, 2020: We improved the overall article.
OpenX/Revive Adserver hacked & effecting malware is a common problem if you using serving ads via OpenX/Revive ad server system.
However, ad server needs a high-level security system . but the problem is many OpenX/Revive user don’t know fully secure the system.
In this time, the server is facing many attack MySQL injection, DOS attack fraud clicks or impression. but if you’re using Iframe tag to serving ads with a low-security level then you must face malware attack on your server.
However, to clean your hacked OpenX/Revive system, there are a lot of articles available on the internet.
Today in this article I’m going show you few steep to clean and secure your OpenX/Revive Adserver.
Hope you are Enjoy this article.
How to clean System
Backup Files : Download all files from FTP to your computer and scan them with antivirus.
If any of the files are marked as a threat, delete it from FTP instantly.
If it is possible, also backup your database to ensure calm upgrading.
Check for Backdoor : Access your server in FTP client application.
Search FTP for files that do not belong there. You can find them by their date of creation (file with a different date than others in the directory) or by obfuscated content in source files.
You can also compare your source codes with official installation and reveal newly added files. If you are using OpenX version 2.8.10, delete file “flowplayer-3.1.1.min.js” because it contains a backdoor.
Clean the Database: The first step is to change passwords both for admin and for a database, and also check if there are no unknown users.
If you found unknown user account remove the account first. Next, you must examine the tables “Banners” and “Zones” in the database.
Upgrade AdServer: Download the latest version of OpenX/Revive AdServer to your hard drive.
Follow the steps that you find in the article from the official pages about upgrading OpenX or Revive AdServer application.
Secure Server: After the upgrade you have only a few things to do. Check that the database and all users have their password unbreakable.
Do not use any passwords from before. Do not leave any installation or old files on FTP. Change the password to the FTP because hackers could discover it too.
As I see some of the server administrators think if they upgrade the system that problem will be solved automated.
But the thinking not Right, unfortunately, your update server are being effected after the complete up-gradation.you need to clean infection are complete.
Next, you must change your all password.
Malware Attack Solution
If you see your OpenX/Revive AdServer has been flagged and blocked due to the malware.
one thinks malware virus is effecting your system slowly.
I suggest shutdown your server immediately and doing in this article previews step. next,
If you see an alert in the browser to attack malware please don’t late after cleaning your system to requesting a malware review from Google and Bing to have the warning removed.
It should take no more than a day to be removed from Google’s malware blacklist after a review has been requested.