User identification when publishing a issues

Hi @alexpineda,

You might be encountering something like what’s described on this thread. We’re aware of automated attacks using known issues in older releases of OJS 3.3.0-x; I’d strongly suggest upgrading to the latest 3.3.0-x release – this should simply be a matter of updating the code – then making a couple of further checks:

  • Review your journal settings for any unexpected Javascript (e.g. by checking journal_settings in the database)
  • Review your installation codebase for any unexpected files (search the forum for diff to find some recommendations, or find some general guides on e.g. StackOverflow) – in particular, look for unexpected plugins
  • Check to ensure that your files_dir is not publicly web-accessible; this is the most common way that OJS installations are attacked
  • Change any Journal Manager or Administrator account passwords

Regards,
Alec Smecher
Public Knowledge Project Team