Bug 8040 - Cross Site Attacks reported by Hosting Company - IP is blocked
Status: RESOLVED INVALID
Product: OJS
Classification: Unclassified
Component: Open Journal Systems
To be determined
Hardware: All All
Importance: P3 blocker
Assigned To: PKP Support
Reported: 2012-11-25 04:54 PST by Farrukh
Modified: 2012-11-26 09:45 PST

Attachments
Error reported by Hosting Company for OJS (150.74 KB, image/jpeg)
2012-11-25 05:01 PST, Farrukh

Description Farrukh 2012-11-25 04:54:19 PST

    
Comment 1 Farrukh 2012-11-25 05:01:32 PST
Created attachment 3891
Error reported by Hosting Company for OJS

OJS 2.8.3 is installed at a hosting company. Every time a user registers, the IP is blocked by the hosting company. The attachment shows the exact error on the server.

The hosting company advised that the error is in /lib/pkp/js/jquery.cookie.js and that the developer should check it in particular.

Should upgrading to a newer version resolve this issue?

Farrukh.
Comment 2 Farrukh 2012-11-25 05:04:35 PST
Correction
==========

The installed version is 2.3.8 and not 2.8.3
Comment 3 Farrukh 2012-11-25 05:23:03 PST
The exact error is also reported on some earlier version here: http://pkp.sfu.ca/support/forum/viewtopic.php?f=8&t=8188
Comment 4 Alec Smecher 2012-11-26 09:45:26 PST
I'm marking this invalid for two reasons:
- It's not our code, i.e. the problem resides either in the third-party jquery.cookie.js or in the mod_security rules that target it (clearly the latter IMO)
- The "correct" solution, per the discussion at <http://drupal.org/node/522646>, is to correct the broken mod_security rule or pester your ISP into doing the same.

If you need to rename jquery.cookie.js while your ISP is reading your request for a rule correction (hint hint), you can do so by:
1) renaming lib/pkp/js/lib/jquery/plugins/jquery.cookie.js to e.g. jquery.c.js
2) editing templates/common/minifiedScripts.tpl and updating the same filename there to the new name.
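
The two rename steps from the comment above as one script; this is an added example, not part of the original thread or of PKP's code. The paths and the `jquery.c.js` name are the ones given in the comment, while the function name, the filename check and the `.bak` backup of the template are assumptions of this example.

```shell
#!/bin/sh
# Added example: source this file, then call
#   rename_cookie_plugin /path/to/ojs [new_name]
# (rename_cookie_plugin is a hypothetical helper, not an OJS tool.)
rename_cookie_plugin() {
    root=$1
    new=${2:-jquery.c.js}      # replacement name suggested in the comment
    old=jquery.cookie.js
    dir="$root/lib/pkp/js/lib/jquery/plugins"
    tpl="$root/templates/common/minifiedScripts.tpl"

    # Accept only a plain filename so it is safe in a path and in sed.
    case $new in
        ''|*[!A-Za-z0-9._-]*) echo "invalid name: $new" >&2; return 1 ;;
    esac
    [ -f "$tpl" ] || { echo "missing $tpl" >&2; return 1; }

    # Step 1: rename the plugin file (skipped if already renamed).
    if [ -f "$dir/$old" ]; then
        [ ! -e "$dir/$new" ] || { echo "$dir/$new exists" >&2; return 1; }
        mv "$dir/$old" "$dir/$new" || return 1
    elif [ ! -f "$dir/$new" ]; then
        echo "neither $old nor $new found in $dir" >&2; return 1
    fi

    # Step 2: point the template at the new name, keeping a backup.
    if grep -qF "$old" "$tpl"; then
        cp -p "$tpl" "$tpl.bak" || return 1
        sed "s/jquery\.cookie\.js/$new/g" "$tpl.bak" > "$tpl" || return 1
    fi

    # Verify: the old name is gone from the template and the new one is present.
    ! grep -qF "$old" "$tpl" && grep -qF "$new" "$tpl"
}
```

The function returns non-zero if the template still references the old name, so a failed edit is visible before the site is reloaded.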