Last weekend our IT department brought the server down on which our OJS instance is hosted. They did so because the virus scanner noticed a lot of potential hazardous requests related to OJS.
We are on OJS 3.4.0-7
We had a look into the requests and here some examples:
POST /ojs/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&action=upload
POST /ojs/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
POST /ojs/index.php?option=com_adsmanager&task=upload&tmpl=component
We just got around to bring the service up again by adding restrictions in the POST requests.
Are you familiar with these kind of post requests? And do you know how we can prevent these.
I suspect there’s a vulnerability scanner sending requests like this to random domains, and yours received one. OJS will respond to this request (as it includes an index.php script of its own at that URL) but obviously won’t be vulnerable to a Joomla flaw. It’s a pretty aggressive reaction for a host to take down a site just based on this!
There’s nothing you need to do, beyond finding out from your host how you can avoid having them take down your site based only on third-party requests like this.
Regards,
Alec Smecher
Public Knowledge Project Team