How to upgrade from OpenX Source 2.8.11 to Revive Adserver 3.2.0
One of our clients had a security issue with their Ad Server. The OpenX Ad Server has been reported with a Remote Code Execution Vulnerability for the version OpenX-2.8.10. Since the OpenX Ad Server downloads contain backdoor.
public_html/etc/plugins/openXVideoAds.zip: Backdoor.OpenX.CVE_2013_4211 FOUND
public_html/plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js: Backdoor.OpenX.CVE_2013_4211 FOUND
Even the next higher version OpenX-2.8.11 didn't rescue us. Also there was a Zero Day Vulnerability reported for OpenX-2.8.11. Hence we decided to upgrade the Ad server to Revive Adserver 3.2.0. Both share the same origin and Revive Adserver offers a full upgrade path from OpenX.
Here are the steps:
Step 1: Download Revive Adserver 3.2.0 release package from http://www.revive-adserver.com/ to your local machine.
Step 2: Prepare to install
- Backup your current OpenX code in LIVE server.
- Make a copy of your current Database and name it say, 'db_adserver_320'.
- Create a new folder say, 'adserver_new' in public_html/ (or in root folder).
- Upload the Ad Server 3.2.0 to server and uncompress it to the folder - public_html/adserver_new/.
- Copy all images from public_html/www/images/ to public_html/adserver_new/www/images/.
- Now, copy the configuration file - YourDomainName.conf.php from public_html/var/ to public_html/adserver_new/var/.
- Then edit the file - public_html/adserver_new/var/YourDomainName.conf.php and set the database name as 'db_adserver_320'.
- Create a file named “NOBACKUPS” in the folder - public_html/adserver_new/var/to prevent creating additional backup tables.
Step 2: Install Revive Ad Server
- Now, run http://domain.com/adserver_new/ in your browser.
- Follow the simple upgrading steps presented on screen.
Please note:
- In the second upgrading step, you will have to login by entering your Adserver administrator user name and password.
- After the final step, your browser may be redirected to the original URL of your Adserver installation instead of 'public_html/adserver_new/'. You can then just insert the '/adserver_new/' part to the URL to see the proper page.
Step 1:
Step 2:
Step 3:
Step 4:
Step 5:
Once you're done with your checks whether everything is running fine, swap your ad server code. Move your existing ad server code to a sub folder say, ‘adserver_old’ and copy the new version from 'public_html/adserver_new/' to 'public_html/'.
Finally, change the permissions of the file - 'public_html/var/YourDomainName.conf.php' from ‘777’ to ‘644’.
This will ensure security of the configuration.
Hope this helps.