Zero Hour ATX/AT3 Hack ***Patch your scripts***
 

My apologies if this is a duplicate. I didn't see it on the first page.

If you are running ATX or AT3, please visit http://www.arrowscripts.com/patch.shtml.

Your system is only at risk if your signup forms are enabled.

Was it similar to the TM3 attack?

The only public info I've seen is that you should be on the look out for "strange" new trades that contain exploit code in the email sent to you when the new trades sign up.

thanks for the heads up
patched mine this morning, should have made a post myself

big heads up, hope they notified everyone by email

Cool..thanks for the info Spasmo

They did, in a way. I received notification via email, and though it was from Aheib, it was using the broadcast mailing list from another site you likely frequent.

Not sure if this affects other builds, but I just sent them an email:

Anyone using the CentOS 4 version of AT3 (at least) will see their admin works, but if they go to the settings page, it bitches about a missing file. This is (mostly) ok.

Create an empty file in notepad (or touch on UNIX), named 'informer.dat'. Upload or move to your at3-install/d directory. admin.cgi works again.

I'm betting they left debugging on by mistake; there's no use of 'd/informer.dat' in any previous build of admin.cgi.

It didn't happen to me on FC4, but he whipped those out in a hurry. He's getting some sleep before doing Mandrake and the others he didn't get to.

Thanks much for the tip. :thumbsup

thank god for http://www.swiftwill.com

If you upgraded to build 12 of at3 you should have the 'd/informer.dat'

bottom of the page http://www.arrowscripts.com/atl3_dl.shtml

:thumbsup

How strange; I checked my upgrade package, and nope, it wasn't in there. Guess I might have grabbed it at a slightly-off build? Who knows. Thanks for the head's up, it IS in this fresh download. Fixed, and reapplied the new CGIs.

rofl zero hour... sorry guys.. this is comedy