
No access to admin after conference!


Post by tlove » Sat Dec 05, 2009 6:17 pm

Hello,
The conference finished yesterday and today when I try to log in as conference manager I get a blank screen and no access.

The URL is http://www.designoutcrime.org/ocs2/inde ... login/signIn
The problem occurs in all the browsers I've tried: IE8, Firefox 3.5.5 and Chrome 3.0.195.33

I'm guessing, as it aligns with the conference finishing, that there is a date setting incorrect but I haven't the faintest which bit of the database to edit!

Any ideas on how to fix this? It's really urgent on a number of fronts.

My apologies, I just posted this question in error to the general OCS discussion forum before realizing it is a technical issue.

Best wishes,
Terry
tlove
 
Posts: 30
Joined: Mon Oct 01, 2007 8:47 am
Location: Australia

Re: No access to admin after conference!

Post by tlove » Sun Dec 06, 2009 6:21 am

The OCS site was linked to via a Joomla website. The Joomla part of the website was extensively hacked yesterday with code injections. I haven't had time yet to check the OCS website for code injections but I'm presuming the OCS PHP code will also be badly compromised.
I'd welcome expert advice on three things:
1. Is there a straightforward way to search for code injections in the mysql database?
2. Are there any reports of a security risk via scripts being uploaded with documents into the ocsfiles upload directory and then being activated from there?
3. Are there particular security weaknesses I should know about in OCS?
Best regards and thanks in advance,
Terry
tlove
 
Posts: 30
Joined: Mon Oct 01, 2007 8:47 am
Location: Australia

Re: No access to admin after conference!

Post by asmecher » Wed Dec 09, 2009 6:13 pm

Hi Terry,

I'd be extremely surprised to see anything in the database; chances are very good that you'll need to worry about your PHP scripts and nothing more. I'd suggest doing a full comparison (using e.g. the diff tool) of your installation against a stock version of OCS. Review the diff file for evidence of tampering and reverse the parts of the patch that represent hacking.

Your files_dir should be located outside of your web root so that it cannot be accessed directly by the server. This is recommended in our documentation and should already be the case. This way, harmful files like PHP scripts cannot be uploaded via the OCS interface and then invoked remotely. It also provides secure storage of your documents, i.e. so that unreviewed documents can't be downloaded via the browser without going through OCS's access checks first.

OCS has no known security problems; we do our best to make sure that our apps are secure and our track record so far is very good.

Most attacks come in via automated scans for out-of-date application installs with known vulnerabilities. You can usually find out what happened by looking at the file modification dates of the compromised scripts and correlating that date and time against your request log e.g. for something like a remote include vulnerability. Determining the cause can help determine the extent of the attack.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8851
Joined: Wed Aug 10, 2005 12:56 pm
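
The triage described in the reply above (compare the installation against a stock copy, then match each changed file's modification time against the request log), as an added example that is not part of the original post and is not PKP code. It assumes an Apache common/combined-format access log; the function names, the 120-second window and all sample data are constructed for illustration.

```python
import hashlib, os, re, tempfile
from datetime import datetime, timezone
from pathlib import Path

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def changed_files(stock, live):
    """Relative paths under `live` that are absent from, or differ from, `stock`."""
    out = []
    for root, _dirs, files in os.walk(live):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), live)
            ref = os.path.join(stock, rel)
            if not os.path.isfile(ref) or digest(os.path.join(live, rel)) != digest(ref):
                out.append(rel)
    return sorted(out)

def requests_near(log_lines, when, window_s=120):
    """(client, method, url, status) for log entries within window_s seconds of `when`."""
    hits = []
    for m in filter(None, map(LOG_RE.match, log_lines)):  # skip unparseable lines
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if abs((ts - when).total_seconds()) <= window_s:
            hits.append((m.group(1), m.group(3), m.group(4), int(m.group(5))))
    return hits

def triage(stock, live, log_lines, window_s=120):
    """Map each changed file to the requests logged around its modification time."""
    report = {}
    for rel in changed_files(stock, live):
        mtime = os.path.getmtime(os.path.join(live, rel))
        report[rel] = requests_near(log_lines, datetime.fromtimestamp(mtime, timezone.utc), window_s)
    return report

def demo():
    """Constructed sample data: tampered index.php, added x.php, two log lines."""
    stock, live = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    hit = datetime(2009, 12, 5, 3, 14, 10, tzinfo=timezone.utc).timestamp()
    for path, body in [(stock / "index.php", "stock"), (stock / "lib.php", "lib"),
                       (live / "index.php", "stock+injected"), (live / "lib.php", "lib"),
                       (live / "x.php", "not in stock")]:
        path.write_text(body)
        os.utime(path, (hit, hit))
    log = ['203.0.113.5 - - [05/Dec/2009:03:14:07 +0000] "POST /page.php?id=1 HTTP/1.1" 200 512',
           '198.51.100.7 - - [05/Dec/2009:09:00:00 +0000] "GET /index.php HTTP/1.1" 200 2048']
    return triage(stock, live, log)
```

Locally edited configuration and cache files will show up as changed and need to be reviewed by hand. Modification times can be reset by whoever altered the files, so an empty match list does not clear a file.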

Re: No access to admin after conference!

Post by tlove » Sat Dec 19, 2009 4:12 am

Thanks Alec. Great you are good on the security side! It's been a trying time. I had 9 sites down out of 15. Interestingly all on the same hosting provider and none on the other provider. I'd managed to tie things confusingly in knots by accidentally installing OCS 2.1.2 on a site that previously had OCS 2.1.1.2. That gave some strange error messages and led me to think that a table (review.forms) had been dropped. I also revealed that the user table was full of false user entries.
Seems to be ok now except for sorting the header images out.
Many, many thanks again. Would be useful to have your message reworked as a security FAQ!
All the best for the holidays,
Terry
tlove
 
Posts: 30
Joined: Mon Oct 01, 2007 8:47 am
Location: Australia

