How to fix hacked OpenX server?

Question

A client of mine has had his OpenX ad server hacked.

This is the issue, there are 4 ads in a vertical stack, the 3rd one is hijacked and replaced by a different ad, a sky ad.

I've tried searching the entire database including all prepend and append fields for various strings, even the smallest strings that could identify the source of the hack. I've done grep searches of the entire ad server directory, and even the entire website, every file type, everything.

I can't even upgrade the ad server, it doesn't seem to fix the issue, I've tried, and doing stuff like that's really awkward, doing it remotely via RDP.

Here's a screenshot,

Also, here's the website.

If anyone doesn't mind taking a look, if you see the "sky" and on the right column, or any animated ad that doesn't quite match the size, border formatting, that's the hacked ad. If it disappears after a couple of refreshes, you need to delete cookies and it should reappear.

If anyone has any other ideas, I'd appreciate it very much.

Answer 1

It turned out to be a setting deep inside an advertiser's configuration which in previous versions was unchecked by default, this version it is checked by default. The checkbox substitutes your own ads with openx market ads if the payment per click is higher. We've unchecked the box and it's fixed.