Technical Solution

How to upgrade from OpenX Source 2.8.11 to Revive Adserver 3.2.0

Deepa.n | | 2 min read

One of our clients had a security issue with their Ad Server. The OpenX Ad Server has been reported with a Remote Code Execution Vulnerability for the version OpenX-2.8.10. Since the OpenX Ad Server downloads contain backdoor.

public_html/etc/plugins/openXVideoAds.zip: Backdoor.OpenX.CVE_2013_4211 FOUND
public_html/plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js: Backdoor.OpenX.CVE_2013_4211 FOUND

Even the next higher version OpenX-2.8.11 didn't rescue us. Also there was a Zero Day Vulnerability reported for OpenX-2.8.11. Hence we decided to upgrade the Ad server to Revive Adserver 3.2.0. Both share the same origin and Revive Adserver offers a full upgrade path from OpenX.

Here are the steps:

Step 1: Download Revive Adserver 3.2.0 release package from http://www.revive-adserver.com/ to your local machine.

Step 2: Prepare to install

  1. Backup your current OpenX code in LIVE server.
  2. Make a copy of your current Database and name it say, 'db_adserver_320'.
  3. Create a new folder say, 'adserver_new' in public_html/ (or in root folder).
  4. Upload the Ad Server 3.2.0 to server and uncompress it to the folder - public_html/adserver_new/.
  5. Copy all images from public_html/www/images/ to public_html/adserver_new/www/images/.
  6. Now, copy the configuration file - YourDomainName.conf.php from public_html/var/ to public_html/adserver_new/var/.
  7. Then edit the file - public_html/adserver_new/var/YourDomainName.conf.php and set the database name as 'db_adserver_320'.
  8. Create a file named “NOBACKUPS” in the folder - public_html/adserver_new/var/to prevent creating additional backup tables.

Step 2: Install Revive Ad Server

  1. Now, run http://domain.com/adserver_new/ in your browser.
  2. Follow the simple upgrading steps presented on screen.

Please note:

  1. In the second upgrading step, you will have to login by entering your Adserver administrator user name and password.
  2. After the final step, your browser may be redirected to the original URL of your Adserver installation instead of 'public_html/adserver_new/'. You can then just insert the '/adserver_new/' part to the URL to see the proper page.

Step 1:

opnx1.png

Step 2:

opnx2.png

Step 3:

opnx3.png

Step 4:

opnx4.png

Step 5:

opnx5.png

Once you're done with your checks whether everything is running fine, swap your ad server code. Move your existing ad server code to a sub folder say, ‘adserver_old’ and copy the new version from 'public_html/adserver_new/' to 'public_html/'.

Finally, change the permissions of the file - 'public_html/var/YourDomainName.conf.php' from ‘777’ to ‘644’.
This will ensure security of the configuration.

Hope this helps.

 

 

Related Topics