In my journal using OJS 3.3.0-16, an issue was published in a corrupted way, and I would like to know if it is possible to identify which user generated and published the issue. Is it possible to publish issues through the API, and under what conditions?
Hi @alexpineda,
You might be encountering something like what’s described on this thread. We’re aware of automated attacks using known issues in older releases of OJS 3.3.0-x; I’d strongly suggest upgrading to the latest 3.3.0-x release – this should simply be a matter of updating the code – then making a couple of further checks:
- Review your journal settings for any unexpected JavaScript (e.g. by checking `journal_settings` in the database)
- Review your installation codebase for any unexpected files (search the forum for `diff` to find some recommendations, or find some general guides on e.g. StackOverflow) – in particular, look for unexpected plugins
- Check to ensure that your `files_dir` is not publicly web-accessible; this is the most common way that OJS installations are attacked
- Change any Journal Manager or Administrator account passwords
Regards,
Alec Smecher
Public Knowledge Project Team
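
One way to run the `files_dir` check from the list above, as an added example that is not part of the original reply and not PKP's own code. It assumes `files_dir` is set in the `[files]` section of `config.inc.php` and that you know your web server's document root; the function names, paths and sample config are constructed for illustration.

```python
import os
import re

# Constructed config.inc.php excerpt; {files_dir} is filled in per test case.
SAMPLE_CONFIG = """; <?php exit; // DO NOT DELETE ?>
[general]
installed = On
[files]
files_dir = {files_dir}
public_files_dir = public
"""

def read_files_dir(config_text):
    """Return the files_dir value from the [files] section, or None."""
    section = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment (including the PHP guard line)
        header = re.match(r"\[(\w+)\]$", line)
        if header:
            section = header.group(1)
        elif section == "files" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "files_dir":  # exact match, so public_files_dir is skipped
                return value.strip("\"'")
    return None

def files_dir_exposure(config_text, install_dir, web_root):
    """Return (inside_web_root, resolved_path) for the configured files_dir."""
    files_dir = read_files_dir(config_text)
    if files_dir is None:
        raise ValueError("no files_dir found in [files] section")
    # A relative files_dir is resolved against the OJS install directory.
    resolved = os.path.realpath(os.path.join(install_dir, files_dir))
    root = os.path.realpath(web_root)
    # commonpath compares whole path components, so /var/www/html-files
    # is not mistaken for something under /var/www/html.
    return os.path.commonpath([resolved, root]) == root, resolved

if __name__ == "__main__":
    for value in ("files", "../../ojs-data", "/srv/ojs-files"):
        cfg = SAMPLE_CONFIG.format(files_dir=value)
        print(value, files_dir_exposure(cfg, "/var/www/html/ojs", "/var/www/html"))
```

A path outside the document root can still be exposed by a web server alias or symlinked vhost, so also request a known uploaded file over HTTP and confirm it is not served.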