Regarding “Open Journal Systems Hacking Epidemic and Solutions” | Public Knowledge Project
lterrat's bookmarks 2017-02-01
Summary:
"A recent wave of spam email was sent to many members of the OJS community suggesting that OJS is insecure and that only the spammer’s product, which is not affiliated in any way with PKP, could prevent hacking. Just to be clear, our software has been and continues to be secure without the use of any third-party products or services, and we reaffirm our diligence in the timely reporting of any real reported security vulnerabilities via our community forum, our blog, and our various download pages.
We are occasionally asked questions on our community forum about security issues and we respond with advice and guidance on how to strengthen OJS configurations and server environments. We have put together a short FAQ on recommended practices for configuring an OJS system to be secure, which is available here. This guide also includes some helpful information on how to manage files from unknown people safely on your personal machine, and how to tell real hacks from fake ones.
If you have any questions, please post them to our community forum, or directly on the FAQ linked above."