Getinterests page has been hacked. How to resolve?

Howdy,

I have inherited an OJS page and was recently received an email “The Australian Cyber Security Centre (ACSC) is aware of a defacement of the website”. The problem is that our getInterests page is currently showing :

{“status”:true,“content”:["-0-hacked-by-Anonimokerl544-">

I am not really familiar with OJS as this site was installed and maintained by someone who has since left our organisation. Does anyone know how I go about resolving this issue? It appears the OJS site is version 2.4.5 and I am waiting on approval before I upgrade to a newer version, if this is required. In the meantime, I have made some changes to the website header to block some common vulnerabilities.

I’m also wondering how I go about clearing this hacked page. Any ideas?

Cheers

Hi @djbii,

This is https://github.com/pkp/pkp-lib/issues/3944 – it’s a couple of years old. I’d recommend…

  • upgrading your OJS installation to the latest 2.4.x (this be done relatively easily and without big changes for your users),
  • cleaning out the spammy user accounts using mergeUsers.php (you’ll probably have to look into your database to identify them – see users and user_settings in particular), then
  • when you’re ready to take on a bigger upgrade, move to OJS 3.x (this will be a big change for your users but the software is much more modern).

There are a few other threads on cleaning out spammy users in this forum if you search around.

Regards,
Alec Smecher
Public Knowledge Project Team

Thanks for this. So the latest 2.4.x would be 2.4.8-5 according to https://pkp.sfu.ca/ojs/ojs_download/. Is this correct?

And I guess I can go straight to 2.4.8-5 from 2.4.5? If so, I found a patch file on the same site and found the site https://wiki.lib.sun.ac.za/index.php/PKP/Upgrading so I guess the upgrade process is:

  1. make a backup
  2. extract the 2.4.5-to-2.4.8-5 patch file to the correct directory
  3. from the same directory, run the command :
    $ patch -p1 < PATCH_FILE

Sounds deceptively simple…
Cheers

Hi @djbii,

There is “official” documentation in the download .tar.gz file. I’d suggest the “full package” process, as patches won’t contain binaries (like images). Don’t forget the database upgrade step, which is in the same document. And don’t forget to take a full backup of everything before you start, especially if you’re not sure of the state of the installation!

Regards,
Alec Smecher
Public Knowledge Project Team

ah. okay. thanks for that as well :slight_smile: