Hello, Someone inserted a PHP file named alz.php in all my file system of OJS installation. When I saw the file content it is “Hacked By Mr.N00B”. I am attaching the same file for your reference. Please suggest me Is my site is hacked or not. The website is running fine. www.iabcr.org
Please suggest me what should I do.
You have installed your system so that the files directory is a subdirectory of OJS. This means that it is accessible from web and can be easily hacked. The correct place to save your submission files is outside the webroot.
So if your OJS is for examle in /var/www/public_html/, you should place your files directory to /var/www/files.
You should move your files directory
Update config.inc.php to match the new location of your files directory
Remove the scripts the hacker has uploaded. I would also replace all OJS installation files with a fresh copy of the same version to make sure there are no backdoors
Change your mysql password
See also:
https://github.com/pkp/ojs/blob/master/docs/README#L58
Ok, Should I remove all installation, or remove the inserted files from all directories.
If you do not have any own modifications, I would first check which version you are using (seems to be 3.1.0.1) and then replace the whole installation with a fresh copy of that version.
Just remember not to remove the public folder (mostly uploaded images) and the config.inc.php (and possibly .htaccess if you have something there) and as said above, move the files directory outside the webroot and add the new location to config.inc.php.
You probably end up having an uploaded .phtml file in your files directory, but once the files directory is outside the webroot, the hacker can not use it anymore.
The code the hacker uploaded is pretty harmless, it just creates popup windows when you access a folder.
Thanks for reply sir, I also set the permissions of " cache, public" folder to 0777, during installation, should I change the permissions of these folders also or not.
you should not need 777, the permissions that you do need depend on your system. In our case we give the read/write permissions to the apache user, but in many cases you do not need even that. This is the sort of question you will probably find a better answer from https://stackoverflow.com because it applies to all software using php.