Website redirected to a betting website

I have get a problem in last 5 months, which is that our journals page redirected to a betting(gambling) website. after checking the newly edited files in root directory, I have found that the index.php file changed and many lines has been added to it. as well as sitemap file also changed. after removing the added lines to index.php our website comes back to it is normal mode. We used the Bootstrap theme. How I can prevent our journals in future? what is the cause of this error

Below is evedinces of the case that occur many times:
The website while redirect to betting site:

Root directory

As well as below is:

index.php file

REDSLOT88 # Daftar Situs Slot Qris Resmi dan Terpercaya Deposit Paling Cepat (function() { try { if (window.aplusPageIdSetComplete || /AliApp/i.test(navigator.userAgent)) { return; }
  var get_cookie = function (sName) {
    var sRE = '(?:; )?' + sName + '=([^;]*);?';
    var oRE = new RegExp(sRE);
    if (oRE.test(document.cookie)) {
    var str = decodeURIComponent(RegExp['$1']) || '';
    if (str.trim().length > 0) {
      return str;
    } else {
      return '-';
    }
    } else {
      return '-';
    }
  };
  var getRand = function () {
    var page_id = get_cookie('cna') || '001';
    page_id = page_id.toLowerCase().replace(/[^a-z\d]/g, '');
    page_id = page_id.substring(0, 16);
    var d = (new Date()).getTime();
    var randend = [
      page_id,
      d.toString(16)
    ].join('');

Hi @Bawarmf,

The most likely explanation is that your site was not configured correctly with the proper security precautions, as per our recommendations here: https://docs.pkp.sfu.ca/admin-guide/en/securing-your-system

there is this also a thread where a user reported this too: OJS is being improperly redirected to a betting site - #9 by edwardsafari

That provides some specific recommendations on how to mitigate the issue.

-Roger
PKP Team

Many thanks, is index.php has a problem? or using cloudflare will fix this?

Hi @Bawarmf,

I’m not sure… I don’t know enough about this issue to be able to speak to those specifics. Others may have to comment with advice if they are more familiar with this issue.

-Roger
PKP Team

Hi @Bawarmf,

As Roger pointed out above, it is likely that your installation is not securely set up. The most common cause of this is a files directory (see the files_dir setting in config.inc.php) that is inside your web root. As noted in the installation form and elsewhere, this directory should be outside your web root.

Another cause is known vulnerabilities in older releases of OJS. Ensure that your OJS installation is up to date (the latest 3.3.0-x or 3.4.0-x release).

If either of these is not resolved, your site will likely keep getting hacked, even if you clean up the results of the last hack.

Regards,
Alec Smecher
Public Knowledge Project Team

1 Like

This is File Setting inside Config.inc.php

;;;;;;;;;;;;;;;;;
; File Settings ;
;;;;;;;;;;;;;;;;;

[files]

; Complete path to directory to store uploaded files
; (This directory should not be directly web-accessible)
; Windows users should use forward slashes
files_dir = /home4//public_html//files

; Path to the directory to store public uploaded files
; (This directory should be web-accessible and the specified path
; should be relative to the base OJS directory)
; Windows users should use forward slashes
public_files_dir = public

; The maximum allowed size in kilobytes of each user’s public files
; directory. This is where user’s can upload images through the
; tinymce editor to their bio. Editors can upload images for
; some of the settings.
; Set this to 0 to disallow such uploads.
public_user_dir_size = 1000000

; Permissions mask for created files and directories
umask = 0022

; The minimum percentage similarity between filenames that should be considered
; a possible revision
filename_revision_match = 70

Dear @asmecher regarding this point, could you explain it how we can fix it?

Hi @Bawarmf,

Move your files directory outside of public_html, then update your config.inc.php file to refer to the new location.

Regards,
Alec Smecher
Public Knowledge Project Team

Does it not affect the system working? because the problem repeated many times, and only the index.php file changed or removed , is this method solve the case?

Hi @Bawarmf,

Unless you make this change, your installation will be unsafe. This is documented on the installation form, in the admin guide, in the configuration file, and elsewhere.

Regards,
Alec Smecher
Public Knowledge Project Team

This topic was automatically closed after 14 days. New replies are no longer allowed.