
urgent security bug


urgent security bug

Postby birkok » Sat Sep 22, 2007 5:26 am

Hello,
I just couldn't find time to try the new version because our journal's server was suspended due to a security bug. We use OJS at http://www.insanbilimleri.com
The messages from the server's technical service are shown below for your consideration.
1) How should I solve this problem on my server?
2) Will you solve this problem in the next version?

Would you please respond ASAP? It is a very urgent problem and our journal is currently down.

Cuneyt Birkok
Editor
International Journal of Human Sciences

Security bug message:
-------------
We have received notification of phishing material in your account. Phishing files are usually placed through some type of exploit of outdated code or weak file and folder permissions. Packaged shopping carts and photo galleries are usual sources, as hackers find exploits and developers fix them almost daily, so unless you constantly update the software or completely secure it, things like this can happen.
-------------
Failure to respond to this message within 48 hours will result in the suspension of the affected domain with us until such a time as this matter is resolved.

http://insanbilimleri.com/ojs/public/ww ... com/signin/update.html

---------------------
birkok
 
Posts: 73
Joined: Sat Sep 22, 2007 5:12 am

Re: urgent security bug

Postby asmecher » Sat Sep 22, 2007 8:58 am

Hello Cuneyt,

It looks to me like someone has uploaded HTML pages to OJS's public directory. There are many ways this can be accomplished -- via FTP, via a PHP application (OJS, Moodle, a control panel, etc.), via a secure shell from another account on the same server if file permissions are weak, etc. As far as we're aware, there aren't any security flaws in OJS that could be used to accomplish this. My suspicion is that the permissions on your public files directory allowed someone to place files there, but they used a flaw in another application.

Unfortunately, it's impossible to tell without access to the server's log files. If I were investigating this sort of problem on my own server, here is where I'd begin:

- Look at the date the offending file was created
- Check the server's HTTP log to see what entries correspond to the exact date and time the file was created.

If the phisher used an exploit in a web application, this will generally indicate which.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7717
Joined: Wed Aug 10, 2005 12:56 pm
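One way to carry out the correlation Alec describes (file creation time against the HTTP log), as an added example that is not code from this thread or from OJS: it parses combined-format web server log lines, keeps the requests that fall within a few minutes of the phishing file's modification time, and then narrows those to uploads and hits on the OJS public directory. The log lines, IP addresses and the file timestamp are constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format:
# ip - user [time] "METHOD path HTTP/x" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def parse_line(line):
    """Return a dict for one combined-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # e.g. 21/Sep/2007:03:14:07 +0000
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def requests_near(lines, file_mtime, window=timedelta(minutes=10)):
    """Log records whose timestamp lies within +/- window of the file's mtime, oldest first."""
    hits = [r for r in map(parse_line, lines) if r and abs(r["time"] - file_mtime) <= window]
    return sorted(hits, key=lambda r: r["time"])

def suspicious(records):
    """Keep writes (POST/PUT) and any request into the OJS public directory, where the
    file was dropped; the application that took the POST is the likely entry point."""
    return [r for r in records
            if r["method"] in ("POST", "PUT") or "/ojs/public/" in r["path"]]

# Constructed sample log: a second (hypothetical) gallery app takes an upload,
# then the same client fetches the new page under OJS's public directory.
SAMPLE_LOG = """\
203.0.113.9 - - [21/Sep/2007:03:02:11 +0000] "GET /ojs/index.php/ijhs/issue/current HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Sep/2007:03:13:40 +0000] "GET /gallery/admin/upload.php HTTP/1.1" 200 871 "-" "curl/7.16"
198.51.100.7 - - [21/Sep/2007:03:14:05 +0000] "POST /gallery/admin/upload.php HTTP/1.1" 200 142 "-" "curl/7.16"
198.51.100.7 - - [21/Sep/2007:03:14:21 +0000] "GET /ojs/public/www.example.com/signin/update.html HTTP/1.1" 200 3307 "-" "curl/7.16"
203.0.113.9 - - [21/Sep/2007:05:40:02 +0000] "GET /ojs/index.php/ijhs/about HTTP/1.1" 200 4420 "-" "Mozilla/5.0"
"""
# Constructed: what `stat` on the phishing file might report, in UTC.
PHISH_FILE_MTIME = datetime(2007, 9, 21, 3, 14, 7, tzinfo=timezone.utc)

if __name__ == "__main__":
    for r in suspicious(requests_near(SAMPLE_LOG.splitlines(), PHISH_FILE_MTIME)):
        print(r["time"].isoformat(), r["ip"], r["method"], r["path"])
```

On a real server, feed it the relevant slice of the access log and the mtime from `stat` on the offending file, and widen the window if the clocks or timezone of the log and filesystem differ.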

Re: urgent security bug

Postby birkok » Sat Sep 22, 2007 9:54 am

Thank you for instant reply.

That is right, someone has uploaded HTML pages to OJS's public directory.
http://insanbilimleri.com/ojs/public/ww ... com/signin/update.html
It is a phishing file.

But how can I prevent from upload again?
birkok
 
Posts: 73
Joined: Sat Sep 22, 2007 5:12 am

Re: urgent security bug

Postby asmecher » Sat Sep 22, 2007 11:56 am

Hi Cuneyt,

In order to fix the problem, you'll need to determine how the file was put there in the first place. Checking the file date against your log as described above will hopefully tell you via what mechanism the file was uploaded; once you know that, you can go about fixing it. My suspicion is that the file was not uploaded via a bug in OJS, but that another exploit (e.g. something in another web application) was used to create files in OJS's public files directory.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7717
Joined: Wed Aug 10, 2005 12:56 pm
