We've been hacked!

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.

Postby blake » Wed Dec 01, 2004 2:17 pm

Our OJS site was hacked by "aneurism.inc"! They have replaced index.php with a simple text file containing "anurism.inc" and who knows what else!

Please tell me tighter security will be part of version 2.0??

Blake
blake
 
Posts: 12
Joined: Mon Jun 07, 2004 9:57 am

Postby kevin » Wed Dec 01, 2004 4:04 pm

Yes, security is a much higher-priority issue in 2.0 than the afterthought it was in 1.x.

Assuming it was an OJS bug, do you have any details on the vulnerability that was exploited (e.g., from looking at your web server logs at the time)? Feel free to send your logs in to us for further investigation if you can.
kevin
 
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Hacker problem

Postby ramon » Thu Dec 02, 2004 6:07 am

Fellows,

We've been hacked too, but it was through the urldecode function used in a highlight variable of phpBB.

There is a workaround to remove all special characters sent through that variable, but I don't have it yet.

Our forum index page was changed. If OJS uses this function to send and treat variables, that may be the vulnerability.
ramon
 
Posts: 945
Joined: Wed Oct 15, 2003 6:15 am
Location: Brasília/DF - Brasil
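
An added example, not part of the original posts and not PKP or phpBB code: a log triage script for the kind of web server log review requested earlier in the thread, flagging requests whose `highlight` parameter is still percent-encoded after one decoding pass or carries special characters. The log lines, the `/forum/topic.php` path and the allowed-character set are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Host, timestamp, request target and status from an Apache/NCSA access-log line.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')
ENCODED_RE = re.compile(r'%[0-9A-Fa-f]{2}')
# Assumption: a legitimate highlight term is words, digits, spaces, a few separators.
SAFE_RE = re.compile(r'^[\w\s.,+\-*]*$')

def raw_param(query, name):
    """Return the still-encoded value of `name`, or None if it is absent."""
    for pair in query.split('&'):
        key, _, value = pair.partition('=')
        if key == name:
            return value
    return None

def classify(value):
    """Decode once, as the web server does, then inspect what is left."""
    once = unquote(value.replace('+', ' '))
    if ENCODED_RE.search(once):
        return 'double-encoded'      # a second urldecode() would change it again
    if not SAFE_RE.match(once):
        return 'special-characters'
    return None

def suspicious_requests(lines, param='highlight'):
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        host, when, target, _status = m.groups()
        value = raw_param(urlsplit(target).query, param)
        reason = classify(value) if value is not None else None
        if reason:
            hits.append((host, when, reason, target))
    return hits

# Constructed sample lines (documentation address ranges, harmless values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2004:10:00:01 -0800] "GET /forum/topic.php?t=5&highlight=security HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Dec/2004:10:02:13 -0800] "GET /forum/topic.php?t=5&highlight=%2527 HTTP/1.1" 200 5301',
    '203.0.113.4 - - [01/Dec/2004:10:03:40 -0800] "GET /forum/topic.php?t=5&highlight=open%20access HTTP/1.1" 200 5188',
    '198.51.100.7 - - [01/Dec/2004:10:04:02 -0800] "GET /forum/topic.php?t=5&highlight=%27x HTTP/1.1" 200 5290',
]
for hit in suspicious_requests(SAMPLE_LOG):
    print(*hit)
```

Hits give the source host and timestamp to pivot on when reviewing the rest of the log around the time of the defacement.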

Postby kevin » Thu Dec 02, 2004 9:20 am

Yes, I'm aware of that phpBB security hole, and patched the PKP forum recently to address it.
kevin
 
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

More Info

Postby blake » Thu Dec 02, 2004 11:14 am

Initially I thought this attack was clearly an OJS vulnerability because the first thing we noticed was a defaced OJS home page. However, our system was root compromised, so I suppose any RedHat 9 exploit could be to blame.

On the other hand, there were other pages and applications on this server that were not damaged, so OJS could still be a culprit. We're back up in a tightened and restricted mode and working on more permanent security fixes.

Blake
blake
 
Posts: 12
Joined: Mon Jun 07, 2004 9:57 am

