I have OJS 3.3.0.13 installed, along with the “Allowed Uploads” plugin, which restricts the upload of specific file formats. However, this did not prevent attackers from uploading a file to the materials library.
I will add screenshots to this post for more details.
What methods can be used to improve security in this case? (Apart from updating to the latest version).
Hi @asmecher,
Yes, this was done before I joined. Do you recommend moving the “Files” folder outside the OJS directory? The links should ideally remain unchanged. Thank you for the advice!
Yes, the files_dir should definitely be moved outside of the web root! Otherwise the installation will be unsafe. It will not change links in the published content.
Regards,
Alec Smecher
Public Knowledge Project Team
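
One way to check the setting discussed in this thread, as an added example that is not part of the original posts or PKP's own code: it reads `files_dir` from the `[files]` section of `config.inc.php` and reports whether it lies under the web server's document root. It assumes a relative `files_dir` is relative to the directory holding `config.inc.php`; the function names, paths and sample configs are constructed for illustration.

```python
import os
import tempfile

def read_files_dir(config_path):
    """Return files_dir from the [files] section of an OJS config.inc.php."""
    section = None
    with open(config_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue  # blank line or comment (includes the PHP guard line)
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            key, sep, value = line.partition("=")
            if sep and section == "files" and key.strip() == "files_dir":
                return value.strip().strip('"')
    return None

def _under(path, root):
    return os.path.commonpath([path, root]) == root

def files_dir_exposed(config_path, web_root):
    """True if files_dir is the web root or lies beneath it."""
    value = read_files_dir(config_path)
    if not value:
        raise ValueError("files_dir not set in [files] section")
    # Assumption: a relative value is relative to the OJS install directory,
    # taken here as the directory that holds config.inc.php.
    base = os.path.dirname(os.path.abspath(config_path))
    target = os.path.join(base, value)
    # Check the path as written and with symlinks resolved; either being
    # under the web root means the web server may be able to reach it.
    return (_under(os.path.abspath(target), os.path.abspath(web_root))
            or _under(os.path.realpath(target), os.path.realpath(web_root)))

def demo():
    """Run the check on two constructed configs in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        web_root = os.path.join(tmp, "www")
        ojs = os.path.join(web_root, "ojs")
        os.makedirs(ojs)
        cfg = os.path.join(ojs, "config.inc.php")
        for label, value in (("inside", "files"), ("outside", os.path.join(tmp, "ojs-files"))):
            with open(cfg, "w", encoding="utf-8") as fh:
                fh.write("; <?php exit(); // DO NOT DELETE ?>\n[files]\nfiles_dir = " + value + "\n")
            results[label] = files_dir_exposed(cfg, web_root)
    return results

if __name__ == "__main__":
    print(demo())
```

On a real server, call `files_dir_exposed()` with the path to the installation's `config.inc.php` and the document root configured in the web server.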