OJS hacked via iBrowser: Advice?

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.
Posts: 19
Joined: Thu Nov 05, 2009 3:00 am

OJS hacked via iBrowser: Advice?

Postby davidsorfa » Sat Oct 05, 2013 2:54 am

Our OJS and OCS system was hacked this morning via the TinyMCE iBrowser vulnerability (I have now deleted this).

However, our OJS and OCS website now has a malicious link on every page (in Farsi) and I can't figure out how to get rid of this. It seems to be installed at some higher level.


Our website is: http://www.film-philosophy.com/

Any advice would be much appreciated.

OJS: 2.3.7

Site Admin
Posts: 910
Joined: Tue Jan 10, 2006 6:20 am

Re: OJS hacked via iBrowser: Advice?

Postby JasonNugent » Sat Oct 05, 2013 7:24 am

Hi David,

The easiest thing would be to restore from a backup, if you have one. Otherwise, there are a few commands you can run on the command line and against your database to see what has been affected.

For starters, you can run:

Code: Select all

find . -type f -exec grep -l 'persiansales' {} \;

From the top of your OJS directory, which will print a list of files containing that string of text. To get the stuff in the database, you'd need to run a few SELECT statements against the various *_settings tables and look at the setting_value column.

Code: Select all

SELECT * FROM something_settings WHERE setting_value LIKE '%persiansales%';

It'll be an inefficient query because it won't use an index, but it will find anything that contains that string. You'd then be able to update just what has been changed.

It's probably also worth mentioning that if core OJS files on the server (not in the database) have been tampered with, you should take a good look at your file permissions. Even with an exploit, OJS shouldn't be able to write to anything other than what's in the cache/ directory.


Posts: 19
Joined: Thu Nov 05, 2009 3:00 am

Re: OJS hacked via iBrowser: Advice?

Postby davidsorfa » Sat Oct 05, 2013 9:23 am

Thanks, Jason. Managed to fix it all with having to do a full reinstall. Luckily nothing particularly malicious and I'll review the various permissions.

Thank you!


Return to “OJS Technical Support”

Who is online

Users browsing this forum: No registered users and 2 guests