Regarding security and submission

Hello, Sir

We are facing this major problem over the past two months.

One is a concern about security. The system is susceptible to hacking.

The second concern is about with article submission.
Anyone can submit anything to OJS with any email address (even the incorrect one). Every day, we discovered 5 to 10 submissions that appeared to be fraudulent or hacked. The file attached is in HTML format. We have removed 100+ unknown authors (looks like hacker) from users and role. But within 2 days all are again found in systems.

We are interested in learning how to prevent submissions coming from incorrect email addresses in OJS.

Additionally, we are aware of OJS’s security features. Kindly look into this as earliest. This is very serious issue.

Version of OJS: 3.3.0.8

Hello @National_Journal_of,

You can limit who can login to your site by using this setting (under Users and Roles) “The Journal Manager will register all user accounts. Editors or Section Editors may register user accounts for reviewers.”:

Screen Shot 2022-09-13 at 12.42.23 PM

Otherwise, users will be able to self-register.

You can also limit users abilities’ to enroll in certain roles in the role settings (like author for example):

Screen Shot 2022-09-13 at 12.44.42 PM

-Roger
PKP Team

Hi @National_Journal_of,

See also the require_validation option in your config.inc.php configuration file.

Regards,
Alec Smecher
Public Knowledge Project Team

Dear Sir,

Thank you for your reply. But due to so many submission this is not possible to register every author.

Kindly look in to it.

For example we have also enclosing the attachment for such submission.

Untitled

Hi @National_Journal_of,

Is your files_dir setting in config.inc.php configured so that it is outside of your web root? Make sure that it is; see docs/README.md in the Recommended Configuration section.

Regards,
Alec Smecher
Public Knowledge Project Team

This topic was automatically closed after 14 days. New replies are no longer allowed.