OpenX.org compromised and downloads injected with a backdoor

63 points by daviddede, almost 12 years ago

7 comments

alternize, almost 12 years ago
the openx team has unfortunately a long history for not really caring about bugs in their opensource offering.

a few years ago, i had to maintain an openx installation and found quite a few critical bugs, for which i submitted patches to their then-active jira bugtracking. as far as i know, the bugs are still in the "current" 2.8.10 release.

the opensource version was unofficially abandoned when the Enterprise editions were announced - without really telling the users that they would not maintain it anymore.

i'm not at all surprised about the new problems and their lack of communication.
tlongren, almost 12 years ago
If you were using OpenX at one time and never removed it from your webserver, you can consider yourself compromised. Get that shit removed.
grey-area, almost 12 years ago
I suspect this goes back longer than 7 months ago. I saw a customer site using openx with constant unusually high CPU usage over 1 year ago. It was also running a custom drupal and I didn't get a chance for a close look but I suspect the openx was compromised, as even with low visitor nos to drupal and caching it was using high CPU constantly. Thank goodness the server has now been replaced and the data migrated to another system... In the logs for months after replacing the site I saw odd requests for long openx urls, so it was probably serving up files for someone, and google had over 100,000 urls indexed...
digitalzombie, almost 12 years ago
I'm not surprised at all.

Their products are a bit shoddy and so is their website. I can go on and point out even more problems with their websites... but that would be consulting.

I applied there and got shot down, it seems like they only hired people from prestigious universities (caltech, stanford, etc.). This view is also backed by a few reviews on indeed. They're very smart and create some very very unique stuff (rolled their own db on top of riak, live auctions, erlang), unfortunately all those awesome algorithms don't help their shoddy products.
riledhel, almost 12 years ago
I understand the concerns brought up in this thread as I experienced some of them myself in the past; but what good open source/free software can you recommend to replace OpenX?
ziodave, almost 12 years ago
OpenX downloads are not working on OpenX web site, e.g. http://download.openx.org/openx-2.8.10.zip
wvh, almost 12 years ago
How does PHP code inside a JS file get executed? Sounds to me like that's not the only problem in the code...