HACKED: How to Remove ATX2 Tradescript Hack? 2nd click out goes to HACK. - GoFuckYourself.com

boneprone · 06-21-2011, 08:39 AM

People using ATX 2. This seems to be common among not just ATX but other trade scripts as well. There is a hack that a hacker puts into out.cgi in trade script that when the surfer clicks twice it goes to the hackers desired site..

Ive dealt with this before with old trade scripts and removed them without problem. Normally you can see a file installed that doesnt look right in the trade script folder.

This time its a little more complex.

What's strange is we've even changed out the versions of the script.

boneprone · 06-21-2011, 08:40 AM

and anyone know how they get in to do this in the first place?
I always run the latest version.

Are they getting in via an old version with a hole in php? Apache? OS??

Juicy D. Links · 06-21-2011, 08:47 AM

bump bump

Just Alex · 06-21-2011, 09:49 AM

Anal Probe is fucking with your script again?
Bustard.

cybermike · 06-21-2011, 09:52 AM

Lots of scripts getting hacked :\

GrouchyAdmin · 06-21-2011, 09:52 AM

u-Bob · 06-21-2011, 09:52 AM

wipe the server and reinstall everything.

seeandsee · 06-21-2011, 10:03 AM

Quote:

Originally Posted by u-Bob

wipe the server and reinstall everything.

what he said if nothing helpes, who knows where is vulnerability on

Phoenix · 06-21-2011, 10:06 AM

wipe it if you cant block it

Qbert · 06-21-2011, 10:07 AM

If the peeps at Arrow Scripts don't have the answers on how to fix and prevent this problem than I'd be changing to a different trade script.

ThatOtherGuy - BANNED FOR LIFE · 06-21-2011, 10:16 AM

My only advice would be...

Stop using software that gets hacked and has no support to fix it

brassmonkey · 06-21-2011, 10:21 AM

have your host clean it. i had two sites hacked with arrow scripts

Agent 488 · 06-21-2011, 10:21 AM

dynamite the server. start over.

KillerK · 06-21-2011, 10:50 AM

time for a new trade script

Klen · 06-21-2011, 11:30 AM

Quote:

Originally Posted by cybermike

Lots of scripts getting hacked :\

Not mine since i applied simple security trick

critical · 06-21-2011, 02:36 PM

You should host your box with Critical.net. We would, as your host, have tracked that down and locked down the box for you.

Just sayin' - Your host should be checking that out for you.

96ukssob · 06-21-2011, 02:38 PM

Quote:

Originally Posted by KlenTelaris

Not mine since i applied simple security trick

what is that?

rowan · 06-21-2011, 06:22 PM

Quote:

Originally Posted by Qbert

If the peeps at Arrow Scripts don't have the answers on how to fix and prevent this problem than I'd be changing to a different trade script.

I wouldn't be jumping up and down about ATX just yet. You don't know for sure whether the trade script itself is vulnerable, or the hacker is getting in some other way and simply using the trade script as a redirect point (which is common, since that's where all clicks go...)

MrBottomTooth · 06-21-2011, 07:50 PM

Ask Vince Russo or Anal Hobbitt.

Klen · 06-22-2011, 02:28 PM

Quote:

Originally Posted by bossku69

what is that?

You simply need to disable tmp folder to execute.

06-21-2011, 08:39 AM	#1
boneprone Hall Of Fame Industry Role: Join Date: Jan 2001 Location: Portland Oregon USA Posts: 34,415	HACKED: How to Remove ATX2 Tradescript Hack? 2nd click out goes to HACK. People using ATX 2. This seems to be common among not just ATX but other trade scripts as well. There is a hack that a hacker puts into out.cgi in trade script that when the surfer clicks twice it goes to the hackers desired site.. Ive dealt with this before with old trade scripts and removed them without problem. Normally you can see a file installed that doesnt look right in the trade script folder. This time its a little more complex. What's strange is we've even changed out the versions of the script. __________________ Industry Hall Of Fame Legend Mike Jones Bow to the Power - Still BP4L http://gfyawards.com/hall-of-fame Learn about it kids.

06-21-2011, 08:40 AM	#2
boneprone Hall Of Fame Industry Role: Join Date: Jan 2001 Location: Portland Oregon USA Posts: 34,415	and anyone know how they get in to do this in the first place? I always run the latest version. Are they getting in via an old version with a hole in php? Apache? OS?? __________________ Industry Hall Of Fame Legend Mike Jones Bow to the Power - Still BP4L http://gfyawards.com/hall-of-fame Learn about it kids.

06-21-2011, 09:49 AM	#4
Just Alex Liv Benson to You, Bitch Industry Role: Join Date: Aug 2007 Location: Maryland and WV Posts: 6,060	Anal Probe is fucking with your script again? Bustard. __________________

06-21-2011, 09:52 AM	#5
cybermike Confirmed User Join Date: Jan 2002 Location: Ny Posts: 4,109	Lots of scripts getting hacked :\ __________________ Hey surfers how about some The Best Porn Sites

06-21-2011, 09:52 AM	#6
GrouchyAdmin Now choke yourself! Industry Role: Join Date: Apr 2006 Posts: 12,085	__________________ AIM: GrouchyGfy

06-21-2011, 08:47 AM	#3
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992	bump bump

06-21-2011, 09:52 AM	#7
u-Bob there's no $$$ in porn Industry Role: Join Date: Jul 2005 Location: icq: 195./568.-230 (btw: not getting offline msgs) Posts: 33,063	wipe the server and reinstall everything.

06-21-2011, 10:06 AM	#9
Phoenix BACON BACON BACON Industry Role: Join Date: Nov 2002 Location: Poems everybody, the laddie fancies himself a poet Posts: 35,457	wipe it if you cant block it __________________ Skype Phoenixskype1 Telegram PhoenixBrad https://quantads.io

06-21-2011, 10:07 AM	#10
Qbert Confirmed User Industry Role: Join Date: Jun 2004 Location: Dark Side of the Moon Posts: 813	If the peeps at Arrow Scripts don't have the answers on how to fix and prevent this problem than I'd be changing to a different trade script.

06-21-2011, 10:16 AM	#11
ThatOtherGuy - BANNED FOR LIFE So Fucking Banned Industry Role: Join Date: Apr 2011 Posts: 1,241	My only advice would be... Stop using software that gets hacked and has no support to fix it

06-21-2011, 10:21 AM	#12
brassmonkey Pay It Forward Industry Role: Join Date: Sep 2005 Location: Yo Mama House Posts: 77,055	have your host clean it. i had two sites hacked with arrow scripts __________________ TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law! DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

06-21-2011, 10:21 AM	#13
Agent 488 Registered User Industry Role: Join Date: Feb 2006 Posts: 22,511	dynamite the server. start over.

06-21-2011, 10:50 AM	#14
KillerK Confirmed User Join Date: May 2008 Posts: 3,406	time for a new trade script

06-21-2011, 02:36 PM	#16
critical Confirmed User Join Date: Aug 2009 Posts: 478	You should host your box with Critical.net. We would, as your host, have tracked that down and locked down the box for you. Just sayin' - Your host should be checking that out for you.

06-21-2011, 07:50 PM	#19
MrBottomTooth Confirmed User Join Date: Sep 2009 Posts: 5,795	Ask Vince Russo or Anal Hobbitt. __________________ Get Paid Per Email Like The WEGCASH Days!!!!