Sunday, February 10, 2013

Malware attack takes OpenX OnRamp offline and raises concerns for the future

I really like OpenX and have recommended the ad platform for years. I'm frustrated with OpenX today, though, for distributing malware, disabling all my ads and remaining quite about it.

Despite trying to attack my precious blog community with a virus and costing me money by killing the ad serving, OpenX are doing the right thing. The frustration comes from a lack of communication and a worry that the future of their self service OnRamp system is in doubt.

OpenX are doing the right thing because if your ad delivery system becomes a malware delivery system you have to shut it down.



OnRamp is a system which allows webmasters, bloggers running quality but niche sites, all the way up to businesses to manage their ad deployment. With OpenX site owners can target different geographical regions with different ads, produce automated reports for ad buyers, set frequently caps and otherwise run a professional ad funded site. This is all free.

Until this month OpenX had a number of ways to make money from this free service.

The first revenue model was OnRamp's integration with the OpenX market. This allowed site owners to set a pricing structure that let bidders come in, offer a high enough CPM and display their ads instead of the sites house ads. OpenX is part of the RTB and ad exchange world.

I found OpenX especially useful for the bloggers. Bloggers could produce house ads (such as follow me on Twitter badges) or, better still, drop in affiliate placements as default and then enjoy the natural evolution towards CPM as and when their blog grew.

This worked well for advertisers too because it was a scalable and cost effective way of advertising across lots of relatively small but high quality sites.

OpenX will change this set up this month. OnRamp users will no longer automatically be part of of the Marketplace. As an OnRamp user I know this is happening but I can't tell you why.

There are still ways in which OpenX can find value in running a free service like OnRamp without the market place.

The Ad Exchange could, should, be using the tech of their free ad delivery service to cookie drop and collect data. This is exactly the sort of data that will greatly improve their other services.

OpenX have significant market share in this area. I've twice been approached by their sales team to see whether my impressions total was far off the requirements for their managed, meatier, service. In other words, OnRamp allows OpenX to scoop up young and growing sites and gives the ad platform early access to these success stories.

The question is, of course, whether the benefits of running OnRamp for free outweighs the costs if OnRamp becomes the target of malware vendors.

It may well be that ring fencing the market place means OpenX can take a more robust approach to weeding out malicious ads, the usual tactic to trick a large ad network into distributing malware. That maybe so but this weekend's outage doesn't feel like a case of a few bad ads because the whole platform has been offline for a day.

I guess we'll just have to wait and see. OpenX competitors will be watching too.

Update: Oh dear, doesn't look good. A 4am update on the forums from OpenX;

OpenX’s security team is committed to the security of our services. OpenX OnRamp is a no-cost SaaS service based on our open source ad serving product (unlike our other enterprise grade offerings which run on a separate code base), which we have run as a free service to the community.

OnRamp has been the subject of escalating hacker activity in recent months, culminating in a serious attack that occurred Saturday, February 9, 2013. We have made the difficult decision to suspend the OnRamp service to protect our customers as we investigate the breach further and assess the ability of the OnRamp service to withstand future threats. At this time, we cannot predict when, or whether, the OnRamp system will be operational again.

We will post additional information in this forum as it is available. We sincerely apologize for any inconvenience caused. Other OpenX services, including OpenX Enterprise and OpenX Market, continue to operate normally.

blog comments powered by Disqus