Website hosted on OJS2.4.8 hacked five times since last week

Websites managed by me has been hacked

What security issues may be possible???

Hi @Pradeep_Tiwari,

Is your file storage area (files_dir) web-accessible? That’s a dangerous configuration, as noted in the installation form and README documentation, and it’s the most common cause of break-ins.

The files area should be either kept outside the web root, or protected from direct access using e.g. a .htaccess document.

Alec Smecher
Public Knowledge Project Team

1 Like