Malware Warning on cmsmadesimple.org
Malware Warning on cmsmadesimple.org
This morning I awoke to find that all of the cmsmadesimple.org sites were blocked for possible Malware distribution from Google. Of course, since all browsers now check for this, the world was immediately given a warning about possible security issues with our site, software and/or infrastructure. As the person that's in charge of keeping the servers running, and hoping that we didn't have a security flaw in CMS Made Simple, I jumped in to figure out where the issue was. Read More...
Category: Community, General
Posted: February 8, 2011 by ted
This morning I awoke to find that all of the cmsmadesimple.org sites were blocked for possible Malware distribution from Google. Of course, since all browsers now check for this, the world was immediately given a warning about possible security issues with our site, software and/or infrastructure. As the person that's in charge of keeping the servers running, and hoping that we didn't have a security flaw in CMS Made Simple, I jumped in to figure out where the issue was. 
Luckily, the Google alert gave us the URLs of the supposed malware, which made things incredibly easy to search for. It took a minute or two to narrow the issue down to our ad server. We use the OpenX ad server, which is an open source ad serving platfrom. In the past, it's been very reliable. We ran it for about two years without any updates and never had any issues with security. 
When we relocated web1 (our server with www, forum, wiki and themes) to a new server last month, we were forced to upgrade OpenX to the latest release because of incompatibilities with the new version of PHP (5.3.3) that we ran on the new server. Â Apparently, it took about 2 weeks for the new OpenX version to be hacked. After I moved the ad server and removed all the links to it from our website(s), I did some quick research and found that other people were having the same issue as well. There has been no response, only that their "enterprise" version is safe and secure. While it's not my intent to bash other open source software packages, it's come to my attention that we need to move to something else as it doesn't seem like the open source version is really supported anymore. Leaving known open security flaws for that long is unacceptable, as it just does a great disservice to the Internet as a whole. So, to recap: CMS Made Simple does not have a new security flaw. The issue comes from our ad serving platform, which has been removed, and will be replaced with something else as soon as possible. All of our site are safe to browse now. I've submitted the site for review in Google's Webmaster tools and hopefully it is resolved soon. Thanks for your patience!
Luckily, the Google alert gave us the URLs of the supposed malware, which made things incredibly easy to search for. It took a minute or two to narrow the issue down to our ad server. We use the OpenX ad server, which is an open source ad serving platfrom. In the past, it's been very reliable. We ran it for about two years without any updates and never had any issues with security. When we relocated web1 (our server with www, forum, wiki and themes) to a new server last month, we were forced to upgrade OpenX to the latest release because of incompatibilities with the new version of PHP (5.3.3) that we ran on the new server. Â Apparently, it took about 2 weeks for the new OpenX version to be hacked. After I moved the ad server and removed all the links to it from our website(s), I did some quick research and found that other people were having the same issue as well. There has been no response, only that their "enterprise" version is safe and secure. While it's not my intent to bash other open source software packages, it's come to my attention that we need to move to something else as it doesn't seem like the open source version is really supported anymore. Leaving known open security flaws for that long is unacceptable, as it just does a great disservice to the Internet as a whole. So, to recap: CMS Made Simple does not have a new security flaw. The issue comes from our ad serving platform, which has been removed, and will be replaced with something else as soon as possible. All of our site are safe to browse now. I've submitted the site for review in Google's Webmaster tools and hopefully it is resolved soon. Thanks for your patience! 
