Strange page contents within my site that need to be removed, I need help

Can anyone check the following page and tell me what is going on and what I should do, please?

http://www.gssrr.org/index.php?journal=JournalOfBasicAndApplied&page=user&op=getInterests

Hi @Dr_Mohammad_Othman_N,

Do you have ReCaptcha configured for user registration? If not, I would suggest setting it up in config.inc.php to prevent spam registrations.

Regards,
Alec Smecher
Public Knowledge Project Team

Thank you for the suggestion. The current problem is that the mentioned page can be accessed without logging in to the journal at all. This means there is a hacking problem here. Can anybody try to help with how to remove the mentioned page?

Hi @Mohammed_Nassar,

That page is not intended to be placed behind a login and doesn’t indicate hacking. It’s just reporting available user interests that other users have recorded, for the purposes of auto-suggest. As you can see, there are numerous spam interests that bots have registered. Turning on ReCAPTCHA would help prevent these from coming into the system.

Regards,
Alec Smecher
Public Knowledge Project Team

Thank you for the answer. I am using ojs-2.3.8. I did activate the captcha, but as you know, ReCaptcha is much better; is there any way to activate ReCaptcha by adding code? Note: I am not planning to upgrade the OJS version.

Hi @Dr_Mohammad_Othman_N,

ReCaptcha is not supported in OJS 2.3.8; you’ll have to upgrade to something newer for that functionality.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi there;

We are having this same problem of this page seemingly having been hijacked by bots. I do have captcha enabled on my site, but I don’t know if these “interests” were entered perhaps in the far distant past?
Anyways, I’d like some advice if you have some about how to scan the database for these things so I can remove them. Links to some inappropriate things are being hosted on our system now and I need to remove them. Even if I can find out which users have this inappropriate data associated with them, I can delete those accounts if needs be.

Hi @libsys,

Look in the controlled_vocab_entry_settings table. These are almost guaranteed to be automated registrations, and the links etc. are never presented in a way that can cause the kind of SEO indexing that the submitters intend – which is to say, it is annoying but doesn’t carry any particular risk.

If you can identify the user accounts associated, you can use the tools/mergeUsers.php script to remove these accounts en masse.

Regards,
Alec Smecher
Public Knowledge Project Team

Thanks Alec; I found these ugly little gremlins in the controlled_vocab_entry_settings table as you say. Next I need to find a way to separate the wheat from the chaff, as they say, i.e. how to identify in an automated way which of these rows can safely be deleted, and which are from active, real users and should remain in place.

The first example I’ve noted is from a user account that is no longer in the system. Would there be an easy way to simply remove all “interest” rows that do not have a valid, active user account? That might remove the bulk of them. Do you have such a query handy perhaps? Or know of a reason why I should not do that? (Don’t want to cause crashing of the OJS system if those IDs are referenced elsewhere.)

Thanks for your speedy reply!

Hi @libsys,

Has the associated user account been removed entirely, or simply deactivated? (Does it have an entry in the users table still?)

Regards,
Alec Smecher
Public Knowledge Project Team

Hi Alec;

So far of the 10 instances of ‘dirty’ data in that field I’ve investigated, 9 of them were from users who were no longer present in the users table.

Brad

Hi @libsys,

I think this is a good opportunity to add a new tool. It would be easy enough to write up a bit of code to remove any user interests that are not referenced by a user account. I’ve filed this over here.

Regards,
Alec Smecher
Public Knowledge Project Team

Thanks Alec; it would indeed be nice if this tool was included in OJS.

Are there any tips you can give me to help remove these quickly now though? I am willing to manually go through the list and remove them directly from the database, but I am reluctant to do that before removing the redundant ones due to the sheer number involved. Also reluctant to try crafting this query myself, not wanting to cause unintended side effects.

Brad
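The triage discussed in this thread (interest rows with no surviving user account, versus link-bearing rows that still belong to an account) can be sketched as a read-only report. This is an added example, not PKP code and not part of any post above: only `controlled_vocab_entry_settings` and `users` are named in the thread, while the `user_interests` link table, all column names, and the `'interest'` setting name are assumptions to check against your own schema. The rows are constructed sample data in an in-memory SQLite database.

```python
import re
import sqlite3

# ASSUMED, simplified schema: only controlled_vocab_entry_settings and users are
# named in the thread; user_interests and all column names are assumptions.
SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT);
CREATE TABLE user_interests (user_id INTEGER, controlled_vocab_entry_id INTEGER);
CREATE TABLE controlled_vocab_entry_settings (
    controlled_vocab_entry_id INTEGER, setting_name TEXT, setting_value TEXT);
"""
# Interest entries that no row still present in users points at.
ORPHANED = """
SELECT s.controlled_vocab_entry_id, s.setting_value
FROM controlled_vocab_entry_settings s
WHERE s.setting_name = 'interest' AND NOT EXISTS (
    SELECT 1 FROM user_interests ui JOIN users u ON u.user_id = ui.user_id
    WHERE ui.controlled_vocab_entry_id = s.controlled_vocab_entry_id)
ORDER BY s.controlled_vocab_entry_id"""
# Interest entries that do belong to an existing account, with that account.
OWNED = """
SELECT u.user_id, u.username, s.setting_value
FROM controlled_vocab_entry_settings s
JOIN user_interests ui ON ui.controlled_vocab_entry_id = s.controlled_vocab_entry_id
JOIN users u ON u.user_id = ui.user_id
WHERE s.setting_name = 'interest' ORDER BY u.user_id"""
# Heuristic for link spam: a plain-text interest has no need for a URL or markup.
LINK = re.compile(r"https?://|www\.|<\s*a\s", re.IGNORECASE)

def sample_db():
    """Constructed sample data, not taken from any real journal."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bot_742")])
    conn.executemany("INSERT INTO user_interests VALUES (?, ?)",
                     [(1, 10), (2, 11), (99, 12)])  # user 99 no longer exists
    conn.executemany("INSERT INTO controlled_vocab_entry_settings VALUES (?, ?, ?)", [
        (10, "interest", "open access"),
        (11, "interest", "cheap pills http://spam.example/x"),
        (12, "interest", '<a href="http://spam.example">loans</a>'),
        (13, "interest", "casino www.spam.example")])  # no user_interests row
    return conn

def triage(conn):
    """Read-only: returns (orphaned entries, link-bearing entries with an owner)."""
    orphaned = conn.execute(ORPHANED).fetchall()
    owned_spam = [r for r in conn.execute(OWNED) if LINK.search(r[2])]
    return orphaned, owned_spam

if __name__ == "__main__":
    orphaned, owned_spam = triage(sample_db())
    print("orphaned (no existing user):", orphaned)
    print("owned, contains link (review account):", owned_spam)
```

The second list gives the user IDs to review before handing accounts to `tools/mergeUsers.php`; the first list is the set a cleanup tool would target, and both queries only select, so nothing is changed until the output has been inspected.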