Since we were recently informed by the system administrators that our website is also on the list where hackers publish their achievements http://www.zone-h.org/archive/filter=1/fulltext=1/domain=uni-lj.si, I am interested in when and who creates subfolders in the images folder http://ojs.aas.bf.uni-lj.si/public/site/images/ with the name of their username and uploads files, such as images. We have discovered four subfolders created by hackers where they uploaded images of propaganda hacking material. Since this happened in 2021, 2020, and 2017, I do not think they had bad intentions since they did not cover our websites with their images.
I found these four usernames in OJS and disabled them. Is there anything else I can do?
We are currently using OJS version 22.214.171.124.
This topic has already been discussed on the forum:
Recently we experienced malicious attack to our OJS 2.4.8 version.
We have found 2 types of attacks. One is that they registered as an author and uploaded “hacked by” images to the “Comments to the Author” section in the submission page. Then they took the link (…public/site/images/username/xxx.jpg) and spread it as if the site were hacked. Is this folder (public/site/images/username) accessible to the public? Can we restrict it by changing the permission or any other alternative?
Second type was that the…
If you do a search in the forum you will get several posts about the same thing.
I'm looking for the post that was made by PKP about this, but I can't find it.
But it doesn't represent a potential risk, it's just annoying.
And by the way, v 2.x is obsolete, you need to upgrade.
Thanks for the quick reply and additional discussion on this topic. I searched the forum, but found nothing … I obviously entered irrelevant words.
Also, take a look around here:
# Securing Your System
## The Basics
Please see [https://pkp.sfu.ca/ojs/README](https://pkp.sfu.ca/ojs/README), [https://pkp.sfu.ca/omp/README](https://pkp.sfu.ca/omp/README), or [https://pkp.sfu.ca/ocs/README](https://pkp.sfu.ca/ocs/README) to ensure that the software install directory and file storage area (`files_dir` in `config.inc.php`) are configured securely on your server.
In general, the `files_dir` should not be web accessible and should be placed outside of the main software install directory. The software application will manage access to private submission files based on user roles and permissions (i.e. Editors will have access to all submission files, whereas authors will only be able to access their own submission files).
In addition, to ensure security, the `files_dir` folder should not be readable by other users on the server. Only the webserver should have the necessary read/write permissions so that OJS, OMP, or OCS can read existing files and add new files to the folder, e.g.
`drwxrwx--- 6 ojs www 204B 11 Sep 2017 files/`
The exact details of file permissions will depend on how your web server runs PHP scripts (this is called the "server API" or "SAPI"). For example, if it uses `mod_php`, all PHP scripts will run as the `www-data` user or similar (this is inherently not 100% secure on a multi-user server). If it uses CGI, FastCGI, FPM, or a similar mechanism, it will likely run under your user account.
It is recommended that you install an SSL certificate for your OJS, OMP, or OCS install and ensure that your site always uses the HTTPS protocol to manage user registration, login, and to present content to readers. Once your SSL certificate has been installed and is confirmed to be working (i.e. you can access your site via [https://myjournal.org](https://myjournal.org/)) you can configure your site to always use HTTPS by using the following setting in `config.inc.php`:

```ini
; Force SSL connections site-wide
force_ssl = On
```
You should also set the base URL to use the HTTPS version of your journal, press, or conference:
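As an added example that is not part of this thread or of PKP's code, here is a small POSIX shell audit for the public/site/images layout the first post describes: it counts the files in each per-user folder and flags any upload whose leading bytes are not a JPEG, PNG or GIF signature, so a folder that appeared without a matching registration can be reviewed. It assumes the path to public/site/images is passed as the first argument; the sample tree, usernames and files are constructed.

```shell
#!/bin/sh
# Added example (not PKP code): inventory the per-user upload folders under an
# OJS public/site/images directory and flag uploads that are not really images.
# Assumption: $1 is the path to public/site/images and each immediate
# subdirectory is named after the OJS username that uploaded into it.

# Print "<user> <count>" for every user folder.
count_uploads() {
  for userdir in "$1"/*/; do
    [ -d "$userdir" ] || continue
    n=$(find "$userdir" -type f | wc -l | tr -d ' ')
    echo "$(basename "$userdir") $n"
  done
}

# Print "<user> <file>" for every upload whose leading bytes are not a JPEG,
# PNG or GIF signature, whatever its extension says. Returns 1 if any such
# file was found, so the result can drive a cron alert.
flag_non_images() {
  found=0
  for userdir in "$1"/*/; do
    [ -d "$userdir" ] || continue
    user=$(basename "$userdir")
    for f in "$userdir"*; do
      [ -f "$f" ] || continue
      magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
      case "$magic" in
        ffd8ff*|89504e47|47494638) ;;          # JPEG, PNG, GIF
        *) echo "$user $(basename "$f")"; found=1 ;;
      esac
    done
  done
  return "$found"
}

# Constructed sample tree so the script runs offline; prints its path.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/alice" "$root/mallory"
  printf '\377\330\377\340JFIF' > "$root/alice/photo.jpg"
  printf '\211PNG\r\n\032\n' > "$root/mallory/logo.png"
  printf 'plain text, not an image' > "$root/mallory/banner.jpg"
  echo "$root"
}

# Pass a real public/site/images path as $1 to audit a live install.
images="${1:-$(make_sample_tree)}"
count_uploads "$images"
flag_non_images "$images" || echo "review the uploads listed above"
```

Run it from cron against the live path and alert on a non-zero exit; the listed usernames can then be checked against the OJS user list, as the first post did by hand.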
Thank you very much for the additional link with instructions on how to protect our system.
Just an FYI, here is the post that PKP did on this, a little while back:
@rcgillis !!! This URL is the one I was looking for.
Thank you very much @rcgillis for the link!