Openx has been a pain in my ass for some time now (5 years). Even if you have the latest most up to date software release, you will still get append and prepend infections. I’m not sure if it comes from client browsers when they log in or some other reason. What I can assure you is that the file system in which openx resides is as secure as it can be while leaving openx functional (all files are owned by a different user than the web server process and are only readable by the web server. All directories, except two, are also owned by a different process than the web server and are read only….while two have to be writable by the web server process. The lamp stack is also up to date.). Anyways, even with these restrictions, clean code, clean db, limited plugins, and even checked the meta data of all image files for backdoors (I first learned about this technique in approx 2010 but here is an article from 2011 detailing this – PHP Code into JPEG Metadata: From hide to unhide ) we still get an occasional append/prepend infection.
How to stop it? This is pretty easy, I simply wrote a script that checks for append/prepend problems, logs if clean, logs and alerts if infected, and also disinfects. This only works, if the append and prepend is NOT being used in your ads.