We have a problem on our journal site (OJS 2.3.6.0) with link spam. It is appearing right above dynamic content (i.e. immediately above HTML articles, but underneath the breadcrumb, or between “journal description” and “additional content” on the announcements page.
It shows up primarily in Firefox, largely because of a style command that I think doesn’t work in Firefox (I believe the intention is for this to stay hidden to influence search results).
You can see it on the following pages:
http://www.digitalstudies.org/ojs/index.php/digital_studies/article/view/297/396 (right above the title)
http://www.digitalstudies.org/ojs/index.php/digital_studies/index (right under the paragraph beginning “All articles published by DSCN” [i.e. after the third paragraph]).
Does anybody have any idea where the spammers could have inserted this in OJS to have it show up here?
Hi @DanielPaulOD,
I’d suggest using the standard diff tool to compare your installation againts a stock OJS 2.3.6 download. That will help to identify where the problem is, if it’s a file modification.
Note that OJS 2.3.6 is extremely old; I’d strongly suggest upgrading.
Regards,
Alec Smecher
Public Knowledge Project Team
Thank you Alec. We do need to upgrade, but we are in the process of being reviewed for a move to OLH and so don’t want to risk breaking anything. Is there a quick way of updating rather than going through the stages? I looked at the instructions and found it a little intimidating for where we are.
I’ve never done something like the diff thing before: would the idea be to set up a 2.3.6 stock install and then run diff on the directories? It is a linux server, so I should be able to without problems.
Thanks again!
Hi @DanielPaulOD,
The “full package upgrade” process described in the documentation is what we recommend, and it does involve a few steps. I’m not aware of any known security problems with OJS 2.3.6, so while it’s possible that the hack was caused by your old installation of OJS, it’s not as likely in my opinion as other possibilities, primarily misconfiguration (i.e. your “files” directory being placed in a web-accessible location), or file permissions being too permissive on a shared system. I would suggest reviewing those if you’d rather not upgrade.
The diff process is as you describe – you’ll need to use diff to compare your installation of OJS 2.3.6 to an unmodified one. Typically something like:
diff -u -r -N /path/to/stock/ojs-2.3.6 /path/to/live-installation > resulting-patch.diff
Then review resulting-patch.diff to see what it contains. You can try searching it for the spam text.
Regards,
Alec Smecher
Public Knowledge Project Team