Suspected Unauthorized Modifications to My OJS Journal Website and Unknown Owners Appearing in Google Search Console

Hello,

I kindly request your assistance in resolving an issue that has occurred with my journal website hosted on the OJS platform. During the summer, suspicious users began registering on the site —non-authentic “bots” who submitted materials containing unknown and potentially harmful file formats, and whose names consisted of random characters. I removed these submissions and files, but later another issue appeared: the site’s pages started loading very slowly. When I checked the HTML code of the main page, I found external links to unknown websites. These links appeared to have been inserted into the index.php file. After removing them, the site returned to normal operation.

Later, I registered the site in Google Search Console to monitor its indexing and traffic. There, I noticed incoming visits triggered by the search term “starlinkbet88”, mostly from Indonesia. I downloaded all site files from the hosting server to my computer and searched for this term, but it was not found anywhere in the site’s files. After reviewing incomplete submissions again, I discovered several suspicious files and deleted them. After some time, such unnatural traffic to the site stopped.

During the initial verification of the website in Google Search Console, I uploaded the verification file to the root directory to confirm ownership. However, recently, new owners whom I do not know occasionally appear in the console. I remove them, but one cannot be removed completely because it is verified through a meta tag: < meta name="google-site-verification" content="ExxbjAR4hIPbiiDUrD29_Xp_uwRnKSoqsV0Dm1igMIQ" / >

Google Search Console indicates that this tag was added to the main page and that the owner with the username tadelia975 was verified through it. However, I cannot locate this tag in any of the site files — full text search produces no results.

Screenshot_11306×603 82.9 KB

Could you please advise where exactly within the OJS file structure such a meta tag could be located? Which template or PHP files typically contain the tag? Is it possible that it was added via a plugin, a modification in the database, or another source? I would also appreciate recommendations on what steps to take to thoroughly check the website for unauthorized changes. I suspect that the site might have undergone unwanted interference and would be grateful for your help in diagnosing and resolving the issue.

Sincerely, Artem

If you haven’t found any extra meta tags among the templates, it’s likely that the templates weren’t tampered with in this respect. In OJS there’s a built-in way of adding custom meta tags in Settings - Distribution - Search Indexing so you can check there. To do this modification, you have to be at least a journal manager.

To discard all the unwanted custom changes, it may be preferred to reinstall the OJS code completely (keeping the user files and the database, of course) rather than try to find the individual modified files.

Hi @Artem_Yurchenko,

I think it’s likely that someone has managed to modify files locally on your server.

The two most common ways this happens are…

1. Misconfiguration of the files_dir in config.inc.php. If you have placed this within the web root, it can be used to attack the server. This is noted on the installation form, in the documentation, in the configuration file, etc.
2. Running an out of date version of the software that has known vulnerabilities (generally stored XSS in OJS 3.3.0-14 and older). Make sure to stay up to date with the latest releases; see this memo.

Regards,
Alec Smecher
Public Knowledge Project Team

This topic was automatically closed after 15 days. New replies are no longer allowed.