OJS 3.0.2 hacked

First, sorry for my English. A hacker managed to upload images to our /public/site/images dir. I’ve discovered that other OJS sites (here, here, here…) suffered the same type of attack. Are you guys aware of this kind of problem? If yes, how can we properly configure or patch the system to prevent future hacks?

Hi @spotter-ssol,

See this blog post for details on the issue.

Regards,
Alec Smecher
Public Knowledge Project Team

Thank you very much!

Is there any way to disable the user profile picture? We really don’t use/need this feature. And it seems to be the only way to stop this kind of “attack”.

Hi @spotter-ssol,

To remove the image upload plugin entirely, follow the directions on this post.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi all! We are soliciting feedback and proposals for hacking claims via image uploads on this GitHub discussion. Feedback would be welcome.

Regards,
Alec Smecher
Public Knowledge Project Team