OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



OJS hacked via iBrowser: Advice?

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
What to do if you have a technical problem with OJS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a development question, try the OJS Development subforum.

OJS hacked via iBrowser: Advice?

Postby davidsorfa » Sat Oct 05, 2013 2:54 am

Our OJS and OCS system was hacked this morning via the TinyMCE iBrowser vulnerability (I have now deleted this).

However, our OJS and OCS website now has a malicious link on every page (in Farsi) and I can't figure out how to get rid of this. It seems to be installed at some higher level.

Image

Our website is: http://www.film-philosophy.com/

Any advice would be much appreciated.

OJS: 2.3.7
OCS: 2.3.3.1
davidsorfa
 
Posts: 19
Joined: Thu Nov 05, 2009 3:00 am

Re: OJS hacked via iBrowser: Advice?

Postby JasonNugent » Sat Oct 05, 2013 7:24 am

Hi David,

The easiest thing would be to restore from a backup, if you have one. Otherwise, there are a few commands you can run on the command line and against your database to see what has been affected.

For starters, you can run:

Code: Select all
find . -type f -exec grep -l 'persiansales' {} \;


From the top of your OJS directory, which will print a list of files containing that string of text. To get the stuff in the database, you'd need to run a few SELECT statements against the various *_settings tables and look at the setting_value column.

Code: Select all
SELECT * FROM something_settings WHERE setting_value LIKE '%persiansales%';


It'll be an inefficient query because it won't use an index, but it will find anything that contains that string. You'd then be able to update just what has been changed.

It's probably also worth mentioning that if core OJS files on the server (not in the database) have been tampered with, you should take a good look at your file permissions. Even with an exploit, OJS shouldn't be able to write to anything other than what's in the cache/ directory.

Regards,
Jason
JasonNugent
Site Admin
 
Posts: 862
Joined: Tue Jan 10, 2006 6:20 am

Re: OJS hacked via iBrowser: Advice?

Postby davidsorfa » Sat Oct 05, 2013 9:23 am

Thanks, Jason. Managed to fix it all with having to do a full reinstall. Luckily nothing particularly malicious and I'll review the various permissions.

Thank you!

David
davidsorfa
 
Posts: 19
Joined: Thu Nov 05, 2009 3:00 am


Return to OJS Technical Support

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 5 guests