OpenX Source 2.8.9 is now available, this release addresses recent reported security issues in the OpenX Source application.
All users should upgrade to this version and perform a security audit to help ensure they keep their system secure.
- Check for any rogue admin users (http://<your_admin_domain>/www/admin/admin-access.php).
- You can also check for any recently changed files, if you have shell access, you can use the “find” command to look for any files modified recently
- e.g. “find /path/to/openx/www /path/to/openx/plugins -mtime -7″ will find any files in those folders which were modified within the last 7 days.
- If you find any unexpected files recently modified (especially .php files) remove them before performing the upgrade.
More information on performing a security audit can be found in this post.
To upgrade your system:
- Downloaded OpenX Source 2.8.9 from here
- Follow the upgrade guide to upgrade your system.
- Once you have upgraded, you can remove write access to your config files (/path/to/openx/var/*.conf.php), to help keep your system secure.