User uploads and spam users

andfa · February 27, 2018, 12:08pm

We have some problems with spam user registrations in our OJS 2.x. (we are planning to upgrade to 3.x with captcha shortly)

Some of the unwanted users has managed to upload files to this folder:
“/public/site/images/”.
Is that an indication that our system has been compromised or can any user upload images to subfolders there?

Grateful for any comments…

Best regards,
Anders

andfa · February 27, 2018, 2:55pm

Forget this!

/Anders

vvucic · February 27, 2018, 3:33pm

You can put ib your config.inc.php that confirmation mail is required.
Also in your /public folder
you can put .htaccess file with
deny for all
directive.

asmecher · February 27, 2018, 4:07pm

Hi @andfa,

See e.g. this thread. Your site isn’t hacked.

Regards,
Alec Smecher
Public Knowledge Project Team