by blake » Wed Dec 01, 2004 2:17 pm
Our OJS site was hacked by "aneurism.inc"! They have replaced index.php with a simple text file containing "anurism.inc" and who knows what else!
Please tell me tighter security will be part of version 2.0??
Blake
by kevin » Wed Dec 01, 2004 4:04 pm
Yes, security is a much higher-priority issue in 2.0 than the afterthought it was in 1.x.
Assuming it was an OJS bug, do you have any details on the vulnerability that was exploited (e.g., from looking at your web server logs at the time)? Feel free to send your logs in to us for further investigation if you can.
Kevin
by ramon » Thu Dec 02, 2004 6:07 am
Fellows,
We've been hacked too, but it was through the urldecode function used in a highlight variable of phpBB.
There is a workaround to remove all special characters sent through that variable, but I don't have it yet.
Our forum index page was changed. If OJS uses this function to send and treat variables, that may be the vulnerability.
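Added example, not part of any post in this thread: a minimal log check of the kind Kevin asks for, aimed at the issue ramon describes (a `highlight` value that is passed through `urldecode`). It flags requests whose `highlight` parameter is percent-encoded more than once or still contains special characters after decoding. The log format, the `/forum/topic.php` path, the safe-character set and all function names are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line of an Apache/NCSA-style access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters treated as harmless in a highlight term (assumption, tune per site).
SAFE_RE = re.compile(r'[\w \-+]*')
MAX_ROUNDS = 5  # upper bound on decoding passes

def raw_param(url, name):
    """Return the still-encoded value of query parameter `name`, or None."""
    for pair in urlsplit(url).query.split('&'):
        key, _, value = pair.partition('=')
        if key == name:
            return value
    return None

def decode_fully(value):
    """Percent-decode until the value stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS and unquote(value) != value:
        value, rounds = unquote(value), rounds + 1
    return value, rounds

def inspect_line(line, name='highlight'):
    """Return a finding dict for a suspicious log line, else None."""
    m = REQUEST_RE.search(line)
    raw = raw_param(m.group(1), name) if m else None
    if raw is None:
        return None
    text, rounds = decode_fully(raw)
    reasons = []
    if rounds > 1:  # value was encoded more than once
        reasons.append('nested percent-encoding')
    if not SAFE_RE.fullmatch(text):
        reasons.append('special characters after decoding')
    return {'decoded': text, 'rounds': rounds, 'reasons': reasons} if reasons else None

def scan(lines):
    """Return (line_number, finding) for every flagged entry."""
    hits = ((n, inspect_line(l)) for n, l in enumerate(lines, 1))
    return [(n, f) for n, f in hits if f]

# Constructed sample entries; addresses, paths and values are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2004:14:02:11 -0500] "GET /forum/topic.php?t=12&highlight=workflow HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Dec/2004:14:05:40 -0500] "GET /forum/topic.php?t=12&highlight=%2527 HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Dec/2004:14:06:02 -0500] "GET /index.php HTTP/1.1" 200 2048',
]
```

Calling `scan(SAMPLE_LOG)` flags only the second entry, whose value needs two decoding passes before the quote character appears.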
by kevin » Thu Dec 02, 2004 9:20 am
Yes, I'm aware of that phpBB security hole, and patched the PKP forum recently to address it.
Kevin
by blake » Thu Dec 02, 2004 11:14 am
Initially I thought this attack was clearly an OJS vulnerability because the first thing we noticed was a defaced OJS home page. However, our system was root compromised so I suppose any RedHat 9 exploit could be to blame.
On the other hand there were other pages and applications on this server that were not damaged so OJS could still be a culprit. We're back up in a tightened and restricted mode and working on more permanent security fixes.
Blake