Web sites distribute malware via hacked OpenX servers
The vulnerability in the free OpenX ad server made public on Monday is already being actively exploited to distribute malware. According to press reports, a server that supplies The Pirate Bay with ad banners was hacked; browsers that use Google's Safe Browsing API now warn visitors to the site that it contains dangerous content.
A similar thing happened to the humour site esarcasm.com, and the entertainment portal AfterDawn's OpenX ad server also fell victim to an attack. In the latter case, only a few files were damaged, which prevented ads from being served at all.
According to the OpenX project, DDoS attacks have also since been launched against its web server, blog and forum. Nonetheless, all of these services are currently still reachable. It is not clear why these attacks are taking place. At present, there is still no warning about the vulnerability on the project's web site or on the OpenX blog.
The problem stems from a third-party component integrated into OpenX's video plug-in that allows images to be uploaded. The module "ofc_upload_image.php", introduced in December 2009, does not check who is uploading what to the server. As a result, executable scripts can be saved to the server and then executed.
Administrators can fix the problem easily by deleting the file admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php if they do not need the module. Otherwise, access to it can be restricted on the Apache web server with an .htaccess file.
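As an added example (not code from The H or from the OpenX project), the following POSIX shell functions implement the two mitigations just described for a given OpenX document root: remove the upload script, or keep it and deny all web access to it with an .htaccess file. It assumes the Apache virtual host honours .htaccess overrides for that directory (AllowOverride); an administrator who still needs the module could replace the deny-all rule with an IP restriction.

```shell
#!/bin/sh
# Constructed example, not OpenX project code: locate the unauthenticated
# upload script in an OpenX install and either remove it or block web
# access to it. Assumes the vhost allows .htaccess overrides for the OpenX
# document root; otherwise the rule below is silently ignored by Apache.

VULN_REL_PATH="admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php"

# Returns 0 (true) if the vulnerable upload script is present under root $1.
openx_has_ofc_upload() {
    [ -f "$1/$VULN_REL_PATH" ]
}

# Mitigation 1: delete the script when the video plug-in is not needed.
openx_remove_ofc_upload() {
    rm -f "$1/$VULN_REL_PATH"
}

# Mitigation 2: keep the file but deny all HTTP access to it. Writes an
# .htaccess next to it with directives for Apache 2.4 (mod_authz_core)
# and the older 2.2 Order/Deny syntax.
openx_block_ofc_upload() {
    dir="$1/$(dirname "$VULN_REL_PATH")"
    [ -d "$dir" ] || return 1
    cat > "$dir/.htaccess" <<'EOF'
<Files "ofc_upload_image.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>
EOF
}

# Returns 0 if the install is mitigated: the file is gone, or an .htaccess
# in its directory names it (and therefore carries the deny rule above).
openx_is_mitigated() {
    if openx_has_ofc_upload "$1"; then
        grep -q 'ofc_upload_image.php' \
            "$1/$(dirname "$VULN_REL_PATH")/.htaccess" 2>/dev/null
    else
        return 0
    fi
}
```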
- Year-old vulnerability endangers OpenX ad server, a report from The H.