Hi,
I’m one of the editors for my journal and speaking on behalf of the webmaster. We have been receiving reports of potential participants in our journal’s first issue that lead to an interminable loading screen and I have also been unable to access submissions and all the components on the dashboard with said interminable loading screen. The error I’m receiving is ##api.submissions.unknownError##.
Having looked over previous forum results this can be an error due to PHP updates or an update for OJS, which, as the webmaster has indicated, are all up to date. However, I received the notes from the error log today which include the following from the most recent error reports up until I started receiving notice from participants, some of which occur prior to and after these reports; perhaps there is a link to them:
Blockquote
03-Sep-2018 17:50:28 UTC] FileApiHandler: File /home4/ki134452/oraxiom.isshs.edu.mk/files/journals/1//articles/21/submission/21-12-38-2-2-20180902.rtf does not exist or is not readable!
[03-Sep-2018 17:50:28 UTC] ojs2: 500 Internal Server Error
[03-Sep-2018 17:50:36 UTC] FileApiHandler: File /home4/ki134452/oraxiom.isshs.edu.mk/files/journals/1//articles/21/submission/21-12-38-2-2-20180902.rtf does not exist or is not readable!
[03-Sep-2018 17:50:36 UTC] ojs2: 500 Internal Server Error
[03-Sep-2018 17:50:41 UTC] FileApiHandler: File /home4/ki134452/oraxiom.isshs.edu.mk/files/journals/1//articles/21/submission/21-12-38-2-2-20180902.rtf does not exist or is not readable!
[03-Sep-2018 17:50:41 UTC] ojs2: 500 Internal Server Error
[04-Sep-2018 02:35:57 UTC] PHP Fatal error: Call to a member function getSetting() on null in /home4/ki134452/oraxiom.isshs.edu.mk/pages/information/
I am seeing a recurring theme amongst the PHP fatal error: Call to a member function getSetting() on null in…, having appeared various times between the dates of September 4 through until September 22.
How do I go about alerting our webmaster concerning this? What steps are needed for not only participants but those involved with the journal to access our dashboard? Please advise me on what is necessary and I’ll respond back once I have more results. If any more information is necessary, please let me know. Thanks in advance!
Thank you @vvucic, I am hoping to have this resolved soon. @asmecher, if you can please provide me some assistance so I can communicate it back to the webmaster.
Hi @asmecher. From the error log, it shows that this error (Call to a member function getSetting() on null in…) appears quite frequently, almost all the time that I’ve logged into the service. But, I’m wondering what the cause may be. According to someone who tried submitting something, he writes:
Regarding your site, if it can help you, I think the problem comes from the data that was inserted and not from the site itself.
Try to remove unwanted content through administration or directly into the database if you have access to it.
I think that if it is the data inserted, I want to know what kind of data it would be. I am thinking it may have to do with the following: /home4/ki134452/oraxiom.isshs.edu.mk/files/journals/1//articles/21/submission/21-12-38-2-2-20180902.rtf does not exist or is not readable!
Otherwise, my friend pulled up a long list of content following his own search: SyntaxError: JSON.parse: unexpected non-whitespace character after JSON data at line 1 column 7288 of the JSON data. The content seems relatively long, let me know if I should share what comes after that.
Can you check the JSON content using a JSON linter or equivalent? Can you check that your PHP configuration directs errors and warnings to the log rather than the browser?
Regards,
Alec Smecher
Public Knowledge Project Team
@asmecher I’m not sure I follow. I mentioned above that I’m speaking on behalf of the webmaster for our service, so I’m not too familiar with these terms. Using JSONLint online, I got this response from entering the content that was listed:
Error: Parse error on line 6: …, “events”: null} < meta http - equiv ---------------------^ Expecting ‘EOF’, ‘}’, ‘,’, ‘]’, got ‘undefined’
I can send you the content separately through a direct message if possible. There is about 1200 lines of content and I’m wondering if there may have been a security breach. A couple of the lines read as follows:
title = “hack forum”
target = “_blank” > hack forum < /a> <
a href = “http://www.norslar.org/”
title = “forum hack”
target = “_blank” > forum hack < /a> <
a href = “http://www.norslar.org/”
A clarification and some steps that I can communicate to the webmaster to take care of would be greatly appreciated.
That doesn’t sound like anything that should be coming out of OJS. I’d suggest running a diff against your OJS installation to see if it’s been modified somehow.
Regards,
Alec Smecher
Public Knowledge Project Team
@asmecher, we’re going to try and do some real-time testing hopefully soon (troubles of having an international journal…). I’ll let you know the results if we end up having any.
Hey @asmecher, we found out through Ajax that our website was hacked which is rather unfortunate. We’re still hoping to find out the root cause of it. However, what would be some steps to prevent being hacked via your platform and program? What would you recommend us doing? Thanks!
Any information you’re able to provide about how the site was hacked would be useful. The most common way for OJS installations to be attacked is via unsafe configuration of the files_dir in config.inc.php – see the “Recommended Configuration” area in docs/README for details on how to keep your installation safe.
Regards,
Alec Smecher
Public Knowledge Project Team
We think we were hacked via the submissions. We had a lot of spam accounts created and then in the browser console we can see in the html that there are links to these hacker sites (image attached). Our web master says: “Definitely you are experiencing the issues because of the hack, the ajax json responses include html links which in turn invalidates the json and this would lead to failure to execute the JS properly.”
Received a private message from someone that says that our directory was public and could have someone submit material via that. We’re going to identify the root cause shortly, hopefully remove it, and then make sure it is secure for future submissions. I won’t update until this is resolved. Thank you for your help in the matter @asmecher!
@asmecher we were able to fully resolve the issue. Our website is now back to being functional, no errors popping up, and we were able to root out the problem. Thank you for your help in the matter.
