OpenX Ad Delivery System Exploits

ScottDaMan

Mar 1, 2007
As we've seen, WickedFire was exploited via the OpenX ad banner delivery system.

According to posts on their forum, 2.8.4 was exploited when they thought they had it fixed with 2.8.3.

People are recommending setting up Apache HTTP authentication on your admin panel folder to lock it out from public access.

I saw they've released 2.8.5 with no release notes.
Host OpenX Community with a preferred web host | OpenX

I know many use this system so I thought I'd make a separate thread.
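
The Apache HTTP authentication recommended in the post above could be set up as follows. This is an added example, not part of the original post or OpenX's own documentation; the install path, the password-file location, the allowed address range and the assumption that the admin panel lives in `www/admin` are all placeholders to adjust.

```apache
# Added example (Apache 2.4 syntax). Goes in the virtual host config.
# Assumes mod_auth_basic, mod_authn_file and mod_authz_host are loaded.
# Assumed layout: admin panel in www/admin under the OpenX root; the
# delivery scripts sit elsewhere and stay public so ads keep serving.
<Directory "/var/www/openx/www/admin">
    AuthType Basic
    AuthName "Ad server admin"

    # Keep the password file outside the document root.
    # Create it with: htpasswd -B -c /etc/apache2/openx-admin.htpasswd <user>
    AuthUserFile "/etc/apache2/openx-admin.htpasswd"

    # Require a valid login AND a known source address.
    # 203.0.113.0/24 is a documentation range; replace with your own.
    <RequireAll>
        Require valid-user
        Require ip 203.0.113.0/24
    </RequireAll>
</Directory>
```

Basic authentication sends the password with every request, so serve the admin folder over HTTPS only. After reloading Apache, an unauthenticated request to the admin URL should return 401 (or 403 from an address outside the allowed range).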
 


... they recommend dreamhost? seriously? your site would crash and burn with any significant amount of ad impressions.

"Sign up today and take advantage of the OpenX oneclick install. Use the promo code "OpenX" to get $20 off your first year." - Because they get $77 for every signup. DH ended up getting some decent and affordable dedicated hosting recently: http://www.dreamhost.com/hosting-dedicated.html

Bought out a big stake in another company

I'd never go back to them though, I had to deal with their horrible support for over 2 years. And their "Dreamhost PS" private server was a joke.
 
Wishful thinking I know but it would be great if it could be shared with the WF community. I bet a lot of us are looking for OpenX replacements.

Are you? I have a semi-ready ad system that we've been developing, do you think there would be demand for it?
 
I'm just about to install OpenX. I'm looking to deliver 15-20 million impressions a month to start.

What complaints do you have with OpenX?

A custom solution would be great but if you have complaints about OpenX, how many bugs and features could be expected from a system that doesn't have nearly as many development hours and installations as OpenX?
 
i'm puzzled how OpenX could still be so vulnerable, yet i'm not surprised.

the ONLY time i ever had a box compromised in my life, was because i had a dormant installation of phpAdsNew (aka. OpenX today) sitting in a subdirectory of an inactive domain.

after seeing this now, i'm not going anywhere near it again.
 
Since they can't seem to go very long without rebranding and changing their name, I've suggested to them OpenlyXploitable
 
The complaint is that apparently, it has holes like swiss cheese, and the developers are undertaking no effort whatsoever to fix what's most important (the "swiss" in "cheese"). Just what OP said actually.

Also, there are quite a few threads on here from people who used it in the past and abandoned it because it just sucked across the board, and was totally buggy. Add security concerns to that and you got yourself a winner.
 
I know that 3 years ago openx (at the time was openads) was opening an instance to DB for every session - which pretty much fucked up the server time and time again.

I do wonder what is below system...
We're switching to our own homegrown platform from here on out.

Stanley?