OpenX Source security update

Earlier today, OpenX Ltd. released a new version of the OpenX Source ad server software. This is version 2.8.11. I wrote about it in a blog post “OpenX Source v2.8.11 released for download“.

If you’ve outsourced the hosting of your OpenX Source ad server system to us, you may be wondering if this matter affects your company’s ad server. Fortunately, all of our customers are safe.

According to most reports, the download package of OpenX Source v2.8.10 that can be downloaded from their site was modified by an outsider some time in November 2012. OpenX Source v2.8.10 was initially released in September 2012, and we downloaded it immediately following its release. Therefor, our base package was and still is unaltered.

As soon as we noticed the first reports about the security incident last Monday, we checked the software package we use to setup new instances or to upgrade customers after they migrate to us. We can confirm that our package is clean.

Even if we would have been exposed to this, we would have noticed any form of unanticipated activity immediately. We have a combination of methods and sub systems that constantly monitor and validate all of the ad server instances we run for our customers. Anything out of the ordinary would have raised an alert right away. For obvious reasons, we are unable to provide details about our intrusion detection methods.

If you have any questions or concerns about this issue or about the safety and security of your ad server system in general, please don’t hesitate to contact your services representative. We will be glad to provide more information in a personal conversation.

As a result of this week’s news reports, we’ve received a few inquiries from companies that currently have a self-hosted OpenX Source ad server, and are considering to migrate to a high availability, high performance platform like ours. Please refer to the page on OpenX Source hosting for more information and a contact form.

Share this on:
  • Twitter
  • Facebook
  • LinkedIn
  • email
About Erik Geurts - OpenX Source Specialist

Find out more about me on my profile page on Google+