Another victory for ill-intentioned hackers and a blow for the security of open source systems: OpenX, the online and mobile advertising company that announced a $22.5 million fund raising just last month, says that it is closing down its OnRamp open source ad serving platform, after the service was hacked on February 9, and the company determined that it would be too risky and costly to continue using it securely.
The news was announced by OpenX on its public forum this morning, along with a longer explanation for the decision — however it looks like the decision to close down the service was noticed by at least one blog yesterday.
In brief, OpenX cites the effect on publishers and advertisers using the OnRamp platform; the fact that hacks of all sites are on the rise; and the “virtual impossibility of ensuring the continued security of OnRamp in an environment of increasingly sophisticated and powerful intrusions that exploit open source software.” It also makes a reference to the cost of trying to defend against something like this again in the future. Because of all that, “we have decided that we will no longer host and operate the OnRamp service,” the company writes.
OpenX does not say how many publishers and advertisers will be impacted by the decision; nor does it detail what information the hackers may have obtained when they infiltrated the site on February 9. We have reached out to the company to ask.
Unlike OnRamp, other services from OpenX like OpenX Market and OpenX Enterprise are paid; these will continue operating as before.
Except for a support page, links for OnRamp have disappeared from the OpenX site. However, OpenX says that it will reactivate the interface again today at 5pm so that customers can “view the status of their accounts and copy relevant information needed in order to transition their ad serving to another provider.” Advertising, however, will no longer be served. On March 22, OnRamp will be “terminated permanently.”
Although OpenX lays the blame squarely on the vulnerabilities of open source in a hackers’ world, it also makes the case for open source still being a worthwhile thing: “We have been long and proud supporters of the open source movement and we are deeply saddened that our OnRamp contribution to the movement must end due to this criminal activity,” the company writes.
This is not the first time that open-source-based services have been noted for being more vulnerable to hacking and malware. The same has been said of the Android mobile operating system for a while now (one of the more recent developments here).
Update: A reader asked me whether the fact that it was a free product influenced the decision to close down OnRamp. Without knowing hard user numbers it’s hard to say whether it was really a move to try to push more people to paid services, or whether the free OnRamp was cannibalizing the revenue-generating services. What is true is that, if OnRamp was free to use, then it woud have been hard to justify a move to making huge investments into making it more secure, if hacking had debilitated it and posed a security threat to those publishers and advertisers using it. On top of that, a hacked OnRamp represents bad PR for OpenX as a secure platform for serving any ads.
Full announcement below.
OnRamp, a free ad serving service based on open source code, was subjected to a serious malicious hacker intrusion on Saturday, February 9, 2013. After further review of the intrusion, other recent attacks on the service, the effect on our publishers and advertisers, the recent increased frequency of malicious hacking activity directed against technology companies of all types, the possibility of future intrusions through this open source service which could continue to jeopardize OnRamp customers, the virtual impossibility of ensuring the continued security of OnRamp in an environment of increasingly sophisticated and powerful intrusions that exploit open source software, and the resources we would be required to expend to maintain the security of the service, we have decided that we will no longer host and operate the OnRamp service. OnRamp, because it is based on open source software, has been subjected to attacks of significantly greater frequency and force than any of OpenX’s other products, including OpenX Enterprise and OpenX Market, which continue to meet high standards of security and reliability, and continue to operate normally.
We sincerely regret that the actions of a limited number of bad actors have forced us to terminate a service used for many years without cost by our valued customers. In order to facilitate customers’ transition to another service, we will be reactivating the user interface, but not advertising delivery, of OnRamp at 5:00 p.m. Pacific Time on Tuesday, February 12, 2013. Through the user interface, customers will be able to view the status of their accounts and copy relevant information needed in order to transition their ad serving to another provider. OnRamp, however, will no longer deliver advertising. The user interface will be available until Friday, March 22, 2013 at 5:00 p.m. Pacific Time, at which time OnRamp will be terminated permanently. We will post additional information in the days ahead to assist customers with the transition. If you have any particular questions regarding your OnRamp account, please email us at firstname.lastname@example.org.
We have been long and proud supporters of the open source movement and we are deeply saddened that our OnRamp contribution to the movement must end due to this criminal activity. We are grateful to our customers for using OnRamp for their ad serving needs, and apologize for the inconvenience caused by this necessary action.