We are facing this major problem over the past two months.
One is a concern about security. The system is susceptible to hacking.
The second concern is about with article submission.
Anyone can submit anything to OJS with any email address (even the incorrect one). Every day, we discovered 5 to 10 submissions that appeared to be fraudulent or hacked. The file attached is in HTML format. We have removed 100+ unknown authors (looks like hacker) from users and role. But within 2 days all are again found in systems.
We are interested in learning how to prevent submissions coming from incorrect email addresses in OJS.
Additionally, we are aware of OJS’s security features. Kindly look into this as earliest. This is very serious issue.
You can limit who can login to your site by using this setting (under Users and Roles) “The Journal Manager will register all user accounts. Editors or Section Editors may register user accounts for reviewers.”:
Otherwise, users will be able to self-register.
You can also limit users abilities’ to enroll in certain roles in the role settings (like author for example):
Is your files_dir setting in config.inc.php configured so that it is outside of your web root? Make sure that it is; see docs/README.md in the Recommended Configuration section.
Regards,
Alec Smecher
Public Knowledge Project Team
