Problems with hacking of my OJS site

Please help. I have hacking problems on my OJS site, and I would like you to tell me what detailed actions I should take to avoid further attacks.

Here is what they did to us: http://revistas.uasb.edu.ec/public/site/images/adminos/kingskrupellos.png

Regards

Hi @freddy,

See this blog post for details. If it’s just the uploaded image, your site hasn’t been hacked; an image upload tool has been used to upload an image suggesting that it has. This is roughly equivalent to uploading an image to a service like https://imgur.com/ stating that you’d hacked their site.

Regards,
Alec Smecher
Public Knowledge Project Team

An uploaded image can become a problem if it was hand-crafted to trigger known bugs in viewers for that image format. Maybe it is possible to find check tools for the typical image formats and report suspicious images.

The same applies to other uploads, too (DOC, PDF, …).
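An added example, not part of the original thread and not PKP code: a structural check of the kind suggested above, for PNG uploads. It walks the chunk list, verifies each CRC, and reports data appended after `IEND`; it inspects the container only and does not decode pixels. The function names and the 1x1 sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sample_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))

def check_png(data: bytes) -> list:
    """Return a list of findings; an empty list means the structure is sound."""
    if not data.startswith(PNG_SIG):
        return ["missing PNG signature"]
    findings, seen, pos = [], [], len(PNG_SIG)
    while pos < len(data):
        if pos + 12 > len(data):  # need length + type + CRC at minimum
            findings.append("truncated chunk at offset %d" % pos)
            break
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        name = ctype.decode("latin-1")
        end = pos + 12 + length
        if end > len(data):
            findings.append("chunk %s overruns the file" % name)
            break
        body = data[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            findings.append("bad CRC in %s" % name)
        if name == "IHDR" and (length != 13 or 0 in struct.unpack(">II", body[:8])):
            findings.append("malformed IHDR")
        seen.append(name)
        pos = end
        if name == "IEND":
            break
    if seen[:1] != ["IHDR"]:
        findings.append("first chunk is not IHDR")
    if "IEND" not in seen:
        findings.append("no IEND chunk")
    elif pos < len(data):
        findings.append("%d bytes of trailing data after IEND" % (len(data) - pos))
    return findings
```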

Hi @stweil,

The image uploader works with web-safe formats like .png. If it were possible to maliciously craft these files to attack the machines of viewers, then the entire web would be unsafe.

It is possible for users to upload e.g. Word documents with macro viruses as submissions, and it’s up to the server administrator to provide antivirus tools, and up to the editor to have something on their own machine. This is part of normal web hygiene and on par with other commonly used file management systems like Dropbox.

Regards,
Alec Smecher
Public Knowledge Project Team

Hmm. I have installed ClamAV on my Ubuntu server; it was easy to configure it to work with emails. But, as I see it, for checking files uploaded by OJS I need to download the php-clamav lib and integrate it with the file upload script, don’t I?

Hi @Vitaliy,

Actually I don’t think this is a very attractive avenue of attack for potential hackers. It’s understood that the web is not a safe place to download and run executable files indiscriminately, and OJS is not different than any other file storage tool in this regard. Malicious macros (such as Word documents might contain) are not a common problem, probably because of their low yield and the unlikeliness of their being successfully triggered; I’m not sure about Word, but I’ve seen OpenOffice warn about macros and give the user a chance to avoid running them upon opening a file.

It would be possible to integrate ClamAV with a fairly simple OJS plugin, but if you’re concerned about being attacked, I don’t think it’s a likely method.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi all! We are soliciting feedback and proposals for hacking claims via image uploads on this GitHub discussion. Feedback would be welcome.

Regards,
Alec Smecher
Public Knowledge Project Team