HACKED: How to Remove ATX2 Tradescript Hack? 2nd click out goes to HACK.
 

People using ATX 2. This seems to be common among not just ATX but other trade scripts as well. There is a hack that a hacker puts into out.cgi in trade script that when the surfer clicks twice it goes to the hackers desired site..

Ive dealt with this before with old trade scripts and removed them without problem. Normally you can see a file installed that doesnt look right in the trade script folder.

This time its a little more complex.

What's strange is we've even changed out the versions of the script.

and anyone know how they get in to do this in the first place?
I always run the latest version.

Are they getting in via an old version with a hole in php? Apache? OS??

bump bump

Anal Probe is fucking with your script again?
Bustard. :2 cents:

Lots of scripts getting hacked :\

wipe the server and reinstall everything.

what he said if nothing helpes, who knows where is vulnerability on

wipe it if you cant block it

If the peeps at Arrow Scripts don't have the answers on how to fix and prevent this problem than I'd be changing to a different trade script.

My only advice would be...

Stop using software that gets hacked and has no support to fix it:)

have your host clean it. i had two sites hacked with arrow scripts :(

dynamite the server. start over.

time for a new trade script

Not mine since i applied simple security trick :)

You should host your box with Critical.net. We would, as your host, have tracked that down and locked down the box for you.

Just sayin' - Your host should be checking that out for you.

what is that?

I wouldn't be jumping up and down about ATX just yet. You don't know for sure whether the trade script itself is vulnerable, or the hacker is getting in some other way and simply using the trade script as a redirect point (which is common, since that's where all clicks go...)

Ask Vince Russo or Anal Hobbitt.

You simply need to disable tmp folder to execute.