OpenX 2.8.2 missing statistics – solution

UPDATE 25/11-2010:

You should upgrade to 2.8.7 (even if using 2.8.5) asap. You can download it here: http://download.openx.org/openx-2.8.7.zip.

The 2.8.5 has some serious security-holes, that could lead to cross-site script-injections (and even worse stuff). I know — since the installation, I was working with (2.8.5), was – in fact – compromised. If 25/11-2010 is a long time ago, you might check http://openx.org/ for an even more recent version.

————————————————

 

(Scroll down for the no-bull solution)

On a site, I’m working on, the statistics page in the administration-section of an OpenX-installation (2.8.2 on php/IIS, Windows Server 2008) a few weeks ago stopped displaying anyting. It looked like this:

2010_4_2010-04-26_2251

– which sucked. So I asked google and tried a number of possible solutions, like e.g.:

 

  • upgrading OpenX to latest version, as of writing this blogpost ver. 2.8.5 2.8.7
  • traversing log-files, looking for possible damaged MySQL tables and the like
  • executing “repair” on all MySQL tables, just because, hey…
  • drank some wine, went to bed, woke up, yelled at my laptop
  • googled some more
So, here’s what I think happened.
I found the following in the debug log (/var/debug.log):

– and then in the user log in the app itself (and this looked quite serious), something like Installer inserted user “adm” (#57).

Now, I’m not certain of this – some ppl think, it has to do with some security-style exploit in the php-code, that at least in 2.8.2 was present (I’m actually not even sure, if this supposed hole has been patched as of writing this post It has now as of 2.8.7 (25/11-2010)). Anyhow, I discovered that the /www/admin/install.php had not been deleted from my installation in question, which the setup-instructions do clearly state, btw, you should do. So my theory was, that someone (script, monkey, chinese haxor) had re-run the installation-script, creating a (duplicate) administrator-account, and that this would mess up everything.
As it turned out, a duplicate administrator-account had in fact been created. And having duplicate administrator-accounts seems to really suck in OpenX – so:

Solution

(I’m assuming, you know how to execute SQL on a MySQL server instance. Otherwise, you should really call someone now, who does)

 

  1. Delete a possible duplicate administrator-account from the “ox_accounts” table. It will have an account_type with value ADMIN. The one you want to delete, is most likely the one with the higher ID. Your “real” admin-account will probably have id = 1, as this is the first account that is created upon installation. But: please check.
  2. Goto table “ox_application_variable” and set the value of the variable “admin_account_id” to that of your primary (and only!) administrator-account (most likely ‘1’, see above). The SQL for this would be “update ox_application_variable set value = 1 where name =’admin_account_id’;
This did the trick for me – the stats are back! One could wonder, why the rest of the OpenX instance except the statistics works fine, even though it’s basically been compromised. I choose to close the case here.

 

Kudos to the Greg-guy in this thread:

http://forum.openx.org/index.php?showtopic=503470661

 

NB: There might be other reasons as to why the stats might not show in OpenX. If you run into some other possible solutions, feel free to drop a link in the comments. Thank you.

Join the conversation

  • Mozoot - 6 years ago

    Great post!!!, thanks

  • Juan Carlos Sosa - 5 years ago

    Excelent, you saved my life, great post

  • room34 - 5 years ago

    Brilliant. I’ve spent the past several days troubleshooting missing stats in OpenX, before hitting upon this (the duplicate administrator account) as the solution. (Sadly, this happened once before, but I hadn’t made notes and couldn’t remember that this was the solution then, too.)

    I’m pretty sure my installation of OpenX did NOT get hacked, at least not this time. It was working fine until I ran a maintenance script on my CMS which inadvertently wiped out the OpenX files on the server. It was after I reinstalled OpenX that this problem cropped up. I’m fairly certain that the duplicate administrator account was created by the OpenX installer when I ran it against the existing database. Not a good situation, and it leaves me with a couple of questions only the OpenX team can answer: 1) why does the installer do this, and 2) why does the duplicate administrator account (apparently) ONLY affect stats? I’m going to explore these questions in a blog post of my own later today.

    Thanks for this post! It saved me a ton of work; I just wish I had found it last week.