Need Help: Cannot Delete Suspicious Roles After OJS 3.1.2.4 Security Breach

I am using OJS 3.1.2.4, and my journal was hacked. The number of users increased unexpectedly, and several new roles appeared in Users & Roles → Roles that were never created before.
I tried to delete these suspicious roles through the OJS interface, but the deletion always failed.

I need to know in which database tables the Roles list is stored so I can remove these hacked roles safely from the database.

I expected the system to allow me to delete the unwanted roles normally.

Hi @kbh,

I would strongly suggest upgrading your OJS before doing anything else. OJS 3.1.2-4 is years out of date and no longer maintained for security; even if you do manage to clean up the malicious accounts, it’s likely that they’ll just attack your installation again.

Regards,
Alec Smecher
Public Knowledge Project Team

Thank you for the suggestion.

Do you have any official guide for upgrading OJS from version 3.1.2-4 to the latest version? Most tutorials I found online look very manual and require advanced technical skills.

Also, is there any recommended service or organization that can safely handle an OJS upgrade, especially for an installation that has already been hacked?

Thank you.

Regards,
KBH

The official guide is here https://docs.pkp.sfu.ca/dev/upgrade-guide/en/

As an intermediate step before upgrading, you can just replace the OJS code (if it hasn’t been customized by you or your colleagues) with the “pristine” OJS of the same version. You need to replace everything but config.inc.php (which it would be good to check for unwanted changes), .htaccess and the public folder.

As @asmecher said, you probably will be hacked again, so at least patch the most serious known vulnerabilities (e.g., those listed here https://pkp.sfu.ca/software/ojs/download/archive/ with particular versions)

Running, maintaining and upgrading OJS, even the containerized “easyOJS” version (GitHub - pkp/containers: OCI-compliant images for PKP applications), requires some technical skills, as does pretty much everything that runs on servers.

As for the recommended service, as far as I remember PKP runs some kind of specialized hosting and provides paid service.
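The pristine-code comparison suggested above, as an added example that is not part of the thread and not PKP's own tooling: it walks an OJS installation, skips the three site-specific locations the reply says to keep (config.inc.php, .htaccess and public/), and reports every file that is missing from a pristine copy of the same version or whose contents differ from it. The directory names, the `ojs_demo` helper and the two small file trees it builds are constructed for this example so that it runs offline; on a real server you would point the function at the unpacked release tarball and the live document root.

```shell
#!/bin/sh
# Added example, not from the thread or from PKP. Compares an OJS install
# against a pristine copy of the same version. Paths are hypothetical.
set -eu

# Print files present in the install that are absent from the pristine tree
# (EXTRA) or differ from it (MODIFIED). Site-specific locations that the
# reply says to keep are skipped. Arguments: pristine_dir install_dir
ojs_diff_against_pristine() {
    pristine="$1"; install="$2"
    (cd "$install" && find . -type f) | sort | while IFS= read -r f; do
        rel="${f#./}"
        case "$rel" in
            config.inc.php|.htaccess|public/*) continue ;;
        esac
        if [ ! -f "$pristine/$rel" ]; then
            printf 'EXTRA %s\n' "$rel"
        elif ! cmp -s "$pristine/$rel" "$install/$rel"; then
            printf 'MODIFIED %s\n' "$rel"
        fi
    done
}

# Constructed demo trees (not a real OJS release): the "install" has one
# core file with an unexpected change and one extra PHP file in a cache
# directory, plus site-specific files that must be ignored.
ojs_demo() {
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/pristine/lib/pkp/classes" "$tmp/pristine/public" \
             "$tmp/install/lib/pkp/classes" "$tmp/install/public" "$tmp/install/cache"
    printf '<?php // pristine core\n' > "$tmp/pristine/lib/pkp/classes/Core.inc.php"
    printf '<?php // pristine core\n' > "$tmp/install/lib/pkp/classes/Core.inc.php"
    printf '<?php // pristine entry point\n' > "$tmp/pristine/index.php"
    printf '<?php // constructed: unexpected change\n' > "$tmp/install/index.php"
    printf '<?php // constructed: file not in the release\n' > "$tmp/install/cache/x.php"
    printf 'installed = On\n' > "$tmp/install/config.inc.php"   # site-specific, skipped
    printf 'logo\n' > "$tmp/install/public/logo.png"            # site-specific, skipped
    ojs_diff_against_pristine "$tmp/pristine" "$tmp/install"
    rm -rf "$tmp"
}

ojs_demo
```

Every MODIFIED line is a core file that should be overwritten from the pristine copy; every EXTRA line needs a look before deletion, since attackers commonly drop PHP files into writable directories such as cache/ or files/. The skipped config.inc.php should still be reviewed by hand, for example by diffing it against the config.TEMPLATE.inc.php shipped with the same release, so that any injected settings are caught too.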
