OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



We've been hacked!

Are you an Editor, Author, or Journal Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael, vgabler, John

Forum rules
This forum is meant for general questions about the usability of OJS from an everyday user's perspective: journal managers, authors, and editors are welcome to post questions here, as are librarians and other support staff. We welcome general questions about the role of OJS and how the workflow works, as well as specific function- or user-related questions.

What to do if you have general, workflow or usability questions about OJS:

1. Read the documentation. We've written documentation to cover from OJS basics to system administration and code development, and we encourage you to read it.

2. take a look at the tutorials. We will continue to add tutorials covering OJS basics as time goes on.

3. Post a question. Questions are always welcome here, but if it's a technical question you should probably post to the OJS Technical Support subforum; if you have a development question, try the OJS Development subforum.

We've been hacked!

Postby blake » Wed Dec 01, 2004 2:17 pm

Our ojs site was hacked by "aneurism.inc"! They have replaced index.php with a simple text file containing "anurism.inc" and who knows what else!

Please tell me tighter security will be part of version 2.0??

Blake
blake
 
Posts: 12
Joined: Mon Jun 07, 2004 9:57 am

Postby kevin » Wed Dec 01, 2004 4:04 pm

Yes, security is a much higher-priority issue in 2.0 than the afterthought it was in 1.x.

Assuming it was an OJS bug, do you have any details on the vulnerability that was exploited (e.g., from looking at your web server logs at the time)? Feel free to send your logs in to us for further investigation if you can.
kevin
 
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Hacker problem

Postby ramon » Thu Dec 02, 2004 6:07 am

Fellows,

We've been hacked too, but it was through de urldecode function used in a highlight variable of PHPBB.

There is a workaround to remove all special characters sent through that variable, but I don't have it yet.

Our forum index page was changed. If OJS uses this function to send and treat variables, that may be the vulnerability.
ramon
 
Posts: 931
Joined: Wed Oct 15, 2003 6:15 am
Location: Brasí­lia/DF - Brasil

Postby kevin » Thu Dec 02, 2004 9:20 am

Yes, I'm aware of that phpBB security hole, and patched the PKP forum recently to address it.
kevin
 
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

More Info

Postby blake » Thu Dec 02, 2004 11:14 am

Initially I thought this attack was clearly an OJS vulnerability because the first thing we noticed was a defaced OJS home page. However our system was root compromised so I suppose any RedHat 9 exploit could be to blame.

On the other hand there were other pages and applications on this server that were not damaged so OJS could still be a culprit. We're back up an a tightened and restricted mode and working on more permanent security fixes.

Blake
blake
 
Posts: 12
Joined: Mon Jun 07, 2004 9:57 am


Return to OJS Editorial Support and Discussion

Who is online

Users browsing this forum: Bing [Bot], Exabot [Bot] and 4 guests