This research is urgent because many OJS websites are infiltrated or hijacked to host online gambling or other harmful content; its aims are to identify the causes, develop mitigation methods, and enhance the security of OJS websites. Securing OJS websites is never easy because attacks grow more diverse and innovative every day. OJS system security is essential to protect the information the system holds and the services provided by scientific journal publishers. The ISSAF framework, applied with a simulation approach that resembles a real server, can serve as a basis for a system administrator to identify OJS website vulnerabilities in Webmin. The results of the identification in this study indicate that the leading cause of OJS web server attacks originates from outside the simulation environment, specifically the internet network via ports 80/443. The Session Hijacking with Cookies vulnerability receives a CVSS vulnerability score of 9.1. A vulnerability in the web server configuration folder structure, which can be traced by crawler tools, receives a CVSS vulnerability score of 5.3. Repeated login attempts to the OJS system are not banned, nor is the attacker's IP blocked, which receives a CVSS vulnerability score of 6.5. A file with the .php extension, which may be a backdoor file, was successfully uploaded; this receives a CVSS vulnerability score of 5.3. Although the OJS PKP changed/forced the file to .txt, the malicious file could be exploited in the future by unauthorized users. The novelty of this research lies in a server simulation that mimics a real server and in the use of the ISSAF framework to assess the security of the Webmin web-based system administration tool on OJS websites.
Copyrights © 2025