We recently got hacked. Someone self-registered with one of our journals and then submitted a suss file to that journal. Luckily we picked it up before it did any damage, but as a result, we’ve de-activated self-registration for all our journals. So far, so good, but the ‘Register’ link still displays on the home page beside each journal. Any way to get rid of that without changing the code? We’re currently on 2.4.7.1.
Hi Alec, sorry for the loose language. Suss = suspicious. According to our IT guys, who picked the problem up very quickly, the file in question was a “special” profile image with code in it. There was also a distinctive title given to the upload title; I’ll email that to you privately if I can find your email address, as I’m not giving publicity to these hackers.
Hi @bernieh,
Once users register, they’re able to upload a limited number/size of images, e.g. for their profile or biography. These are placed in the public directory tree. Simply posting an image that contains “hacked by xyz” in it is not evidence of a hack – you could equally well set your Twitter profile image to something reading “I hacked Twitter”. However, if you’re interested in changing the file upload policy for new users, we’ve done a little experimentation with that as part of our PKP code sprint.
If you have other evidence of a security problem, please let me know further details. See this blog post for related details.
Regards,
Alec Smecher
Public Knowledge Project Team