OJS Security Protocol for 2.4.8.1

Hello Mates,

I was wondering how to install the available security protocols for version 2.4.8.1.

We have recently had some hacker attacks, so we would like to use all the available security tools.

Thank you in advance.

Hi @john2,

All you should need to do to keep your system secure is…

  • Make sure you’re following the guidelines in the Recommended Configuration section in docs/README
  • Watch for security issues to be announced. Currently these are listed on the download page, e.g. https://pkp.sfu.ca/ojs/ojs_download/ for OJS.

If you can describe the attacks, I may be able to give more concrete advice.

Regards,
Alec Smecher
Public Knowledge Project Team

Dear Alec,

Thank you for your agility. It is really appreciated.

  • It seems like the hackers present themselves as some “Indonesian Liberty Sindicate”
  • They are randomly removing files from some website folders.
  • Removing or modifying the index.php file
  • Installing the following: idx_cgi folder,
    idx_config folder, adminer.php in several places.

We have changed the location of files folder and it is not at the same place as the root of the website.

However, they still installed the above mentioned.

Hi @john2,

Did you previously have your files_dir in the web root or a subdirectory of it? It’s likely that a backdoor was installed through the files_dir at that point – I’d suggest using a tool like diff to comprehensively compare your codebase against the stock OJS version in order to ensure that everything is clean.

We’re not currently aware of any security issues with OJS 2.4.x that would permit an incursion like you describe through another means, but of course if you’re able to determine more, please let me know.

Regards,
Alec Smecher
Public Knowledge Project Team
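
The comparison suggested in the reply above, as an added example (not part of the original thread and not PKP tooling): a shell function that checks a deployed tree against a pristine copy of the same release and reports added, modified and missing files. The function names, directory layout and sample trees are assumptions constructed for illustration; the `adminer.php` and `idx_cgi` names are the ones reported in the thread.

```shell
#!/usr/bin/env bash
# audit_tree STOCK LIVE
# Compare a deployed tree (LIVE) against a pristine unpacked release of the
# same version (STOCK). Prints one line per finding:
#   ADDED <path>     present only in LIVE (e.g. a dropped adminer.php)
#   MODIFIED <path>  present in both, contents differ (e.g. an altered index.php)
#   MISSING <path>   present only in STOCK (file was deleted from LIVE)
# Assumes file names contain no newlines.
audit_tree() {
  local stock=$1 live=$2 f
  # Pass 1: walk the live tree, looking for new or changed files.
  (cd "$live" && find . -type f | LC_ALL=C sort) | while IFS= read -r f; do
    f=${f#./}
    if [ ! -f "$stock/$f" ]; then
      echo "ADDED $f"
    elif ! cmp -s "$stock/$f" "$live/$f"; then
      echo "MODIFIED $f"
    fi
  done
  # Pass 2: walk the stock tree, looking for files removed from live.
  (cd "$stock" && find . -type f | LC_ALL=C sort) | while IFS= read -r f; do
    f=${f#./}
    [ -f "$live/$f" ] || echo "MISSING $f"
  done
}

# build_demo_trees ROOT
# Constructed sample data: a tiny "stock" tree and a "live" tree showing the
# symptoms described in the thread (changed index.php, deleted file, extra
# adminer.php and idx_cgi folder). File contents are harmless placeholders.
build_demo_trees() {
  local root=$1
  mkdir -p "$root/stock/lib" "$root/stock/docs" "$root/live/lib" "$root/live/idx_cgi"
  echo 'stock front controller' > "$root/stock/index.php"
  echo 'library file'           > "$root/stock/lib/a.php"
  echo 'readme'                 > "$root/stock/docs/README"
  cp "$root/stock/lib/a.php" "$root/live/lib/a.php"        # unchanged file
  echo 'altered front controller' > "$root/live/index.php" # modified file
  echo 'constructed placeholder'  > "$root/live/adminer.php"
  echo 'constructed placeholder'  > "$root/live/idx_cgi/placeholder.txt"
}

# Demonstration run on the constructed trees.
demo_root=$(mktemp -d)
build_demo_trees "$demo_root"
audit_tree "$demo_root/stock" "$demo_root/live"
rm -rf "$demo_root"
```

On a real installation, point `STOCK` at a freshly unpacked 2.4.8.1 archive; locally edited files such as `config.inc.php` will show as MODIFIED and need reviewing by hand rather than being treated as tampering.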