Table of Contents
What is OJT Advanced Security
OJT advanced Security is our exclusive plugin that we built to add additional crucial protection to the OJS from illegal backlink injection, preventing the illegitimate user access caused by data breach, meta-data protection changes from the issue and articles (especially from past issue and published article) that can be abused to promote online gambling site or judol or other ilegal keyword or backlink.
Why OJT Advanced Security Plugin ?
As we have handled more and more client, the security is become one of main concern for their journal. As we heard about the leaked credential and the phishing site become daily threat.
Many of this hack attempt grant a successful credential thief by the hacker by stealing the cookies or seducing the OJS user to input their credential.
After they have gained access to the OJS, they may place a nasty backdoor to explore the server and take over the server’s highest roles as root. This is the reason that many of users that use the hosting that uses CPanel can also get hacked without the hacker needing to inject any malware or abuse the vulnerability in OJS. In another case, the hacker attaches a link to JUDOL. The negative impacts of this activity includes: Journal becoming seen as the host of online gambling affiliation, the data being manipulated by hackers, Google Scholar removing all the articles of the journal in their indexing, and many more negative impacts that affect the credibility of the journal.
The need for improved security protection become an essential and must-have feature for this kind of threat become essential for many of our client. The commitment to provide better support for our clients became our top priority. We also note that the OJS has very limited security feature. One of the proof is although we have implemented all the security features in OJS, the journal may still have a chance for getting hacked.
Currently in OJS, there are only very basic configuration in OJS security. Such as there is the feature of configuring the Google Captcha and Allowed Host. However as the attack pattern is more complex in the digital world, We develop an exclusive plugin for enhancing the security of OJS.
To prevent this kind of threat, our team has divided into two team: the first team that created a OJT Guardian that is created to protect our server based on Python and not directly related to OJS. The second one is to create an OJT Advanced Security which is an OJS plugin that can be deployed to all of the support and hosting clients.
In this we will introduce you OJT Advanced Security
OJT Advanced Security is created with the purpose to improve and provide the better security tool for our client. The features that we have built are based on our vast experience in handling many of reputable client. The feature include :
- Keyword Injection Protection
- IP Address Blocker
- 2-Way Authentication method
- User Agent Protection
With this plugin, you can configure improved security features such as when some user wants to add a backlink to online gambling, it will automatically block the activity. You as the OJS administrator can also block requests from certain IP Addresses. We also implement a sophisticated algorithm inspired by ModSecurity that will add a trust score to the traffic of OJS. If the request is decided below the trust score it will automatically block the request.
We also regularly update the pattern of attack to our client such as SQLI Pattern, RFI, and many more patterns. This is to make sure that the configuration get updated and makes the use of journal without interruption.
We believe that this advanced protection is the ONLY tool that is provided by us – OJT Team as the vendor that is focused on OJS. This also shows our commitment to providing better support and enriching the ecosystem of the OJS.
Why you need metadata change protection ?
Protecting OJS from Metadata Tampering and Security Threats
Through our experience managing thousands of OJS (Open Journal Systems) clients, we have identified a major security risk: OJS provides very limited built-in protection against unauthorized changes to journal metadata.
For example, OJS does not send alerts or provide controls when someone attempts to modify critical metadata such as:
- Article citations
- Abstracts or full-text content
- Author names and article participants
- Issue metadata or publication information
This creates a serious risk to journal credibility and indexing.
How Hackers Exploit OJS Vulnerabilities
If a hacker gains access to an OJS installation—often via a data breach—they can:
- Inject hidden backlinks into abstracts or full-text articles
- Alter citations or DOI metadata
- Modify author names or article participants
- Change indexing-related metadata without detection
Even small unauthorized changes can severely impact journal indexing, including:
- Google Scholar author profiles and citations
- DOI records
- Scopus or other major academic indexes
Our Solution: Metadata Security & Injection Protection
To address this critical OJS vulnerability, we developed a specialized protection tool that:
- Monitors OJS metadata in real-time
- Detects any suspicious changes or illegal keyword injections
- Notifies journal managers or admins immediately
With this system, your journal is protected against hidden attacks that could damage credibility, impact indexing, or harm author reputation.
The OJT Advanced Security plugin and the OJT Blazing Cache is included in our support service and hosting service.
With OJT Advanced Security features, we ensure you can operate with peace of mind and focus on what truly matters. No need to worry about non-essential disruptions, as our system is designed to safeguard your business, allowing you to be more productive and efficient in achieving your goals
