I saw that a hacker submitted a *.txt file to our OJS 3.1 site. The hacker's email was aalvriyanto@gmail.com, which hacked other sites (you can find his email information in Google). I deleted the submission. This was done last week.
Today, I saw that a new hacker (or the previous person!) submitted a new docx file to our site. This file has some code in its content. I deleted the submission.
I have a question. Is it possible that the hacker attached a virus/malware etc. to the *.docx file to hack my computer or site?
Please help me. I don’t know many things about hackers.
Hacking by submitting a txt or docx file is not possible, at least I do not know how that would happen. It is usually phtml files that are used.
Make sure that the OJS files directory is not a subdirectory of your OJS installation. I mean, if for example you have your OJS in var/www/public_html/ then your files directory should be for example at var/www/files => NOT in var/www/public_html/files. In short you should not be able to access your files directory using an address like http://yourdomainnamehere.com/files/
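
An added example (not part of the thread and not OJS code): a Python check of the directory layout described in the answer above. It assumes the `files_dir` setting in the `[files]` section of OJS's `config.inc.php` and that the OJS installation directory is the web-served directory unless `web_root` is given; the function names are hypothetical and the two installs built in `demo()` are constructed.

```python
import os
import re
import tempfile

def read_files_dir(config_path):
    """Return the files_dir value from the [files] section of config.inc.php."""
    section = None
    with open(config_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue  # blank line or ini comment
            m = re.match(r"\[(\w+)\]$", line)
            if m:
                section = m.group(1)
                continue
            m = re.match(r"files_dir\s*=\s*(.+)$", line)
            if m and section == "files":
                return m.group(1).strip().strip("\"'")
    return None

def files_dir_exposed(ojs_root, web_root=None):
    """True if files_dir resolves to a path inside the web-served tree."""
    web_root = os.path.realpath(web_root or ojs_root)
    value = read_files_dir(os.path.join(ojs_root, "config.inc.php"))
    if value is None:
        raise ValueError("files_dir not set in [files] section")
    # Assumption: a relative value is resolved against the OJS directory.
    # realpath() also follows symlinks, so a link into the web root is caught.
    target = os.path.realpath(os.path.join(ojs_root, value))
    return os.path.commonpath([web_root, target]) == web_root

def demo():
    """Build two constructed installs and report whether each is exposed."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, value in (("bad", "files"), ("good", os.path.join(tmp, "files"))):
            root = os.path.join(tmp, name, "public_html")
            os.makedirs(root)
            with open(os.path.join(root, "config.inc.php"), "w") as fh:
                fh.write("; constructed sample\n[general]\ninstalled = On\n\n"
                         "[files]\nfiles_dir = %s\n" % value)
            results[name] = files_dir_exposed(root)
    return results

if __name__ == "__main__":
    print(demo())
```

This only checks where the directory sits on disk; a web server alias that maps another URL onto the files directory would not be detected by it.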