Hi everyone,
The website that I manage has been hacking three times in two months. After the third time I decide to request to the hosting a root cause analysis to know why it happened and because the conference is in the submission phase, so we need a stable website for our authors.
The feedback of the analysis that gave me the security administrator conclude that in one of the OJS installations (the site has two, one in each subdomain) a PHTML file has been uploaded by a user via the submission process. The file was in the a files directory that isn’t located inside the OJS installation, it was outside of the public_html.
I have read that it already happens in OJS 2.4.8. I also read that if the files directory is outside the web access, it doesn’t produce any problem. But, as I said in the last paragraph, it is outside the public_html, so I don’t understand why this script is hacking our website.
The kind of files added to every subdomain/site that I have are html and php files. The script makes useless all the website (including sites where there isn’t a OJS installation).
As temporarily solution, I have closed the registrations in the site where the script was submitted. But I can’t close the registrations in the another OJS installation, because in that moment we are receiving submissions. Could it be possible to stop a submission when someone is trying to upload some file with programming code (html, php, phtml, etc.)? I have read in the topic of the hacking to OJS 2.4.8 that it isn’t possible but I would like that you confirm me that. I am sure that our authors isn’t going to upload this kinds of files, so this kind of files can be limited.
And yes, as I read in the topic that I have mention, it is made by an Indonesian hacker.
Thanks in advance. I await your answers.
Regards, Iván