Security Mitigation of the Open Journal System (OJS) Against Online Gambling Content Hijacking Using the ISSAF Framework

(1) * Sarjimin Sarjimin (Universitas Putra Bangsa, Indonesia)
(2) Anggit Gusti Nugraheni (Universitas Putra Bangsa, Indonesia)
*corresponding author

Abstract


The urgency of this research is to identify the causes, develop mitigation methods, and enhance the security of OJS websites, as many are infiltrated or hijacked for online gambling or other harmful content. Securing OJS websites is never easy because attacks are increasingly diverse and innovative every day. OJS system security is essential to protect the information contained therein and the services provided by scientific journal publishers. The ISSAF framework, applied in a simulation environment that mirrors a real server, can serve as a basis for a system administrator to identify OJS website vulnerabilities in Webmin. The identification results in this study indicate that the leading cause of OJS web server attacks originates from outside the simulation environment, specifically from the internet via ports 80/443. The session hijacking with cookies vulnerability receives a CVSS score of 9.1. A vulnerability in the web server's configuration folder structure, which is traceable by crawler tools, receives a CVSS score of 5.3. Repeated login attempts to the OJS system are not banned and the attacker's IP is not blocked; this receives a CVSS score of 6.5. A file with the .php extension was successfully uploaded and may be a backdoor file; this receives a CVSS score of 5.3. Although OJS (PKP) changes/forces the uploaded file to .txt, the malicious file could be exploited in the future by unauthorized users. The novelty of this research lies in a server simulation that mimics a real server and in applying the ISSAF framework to assess the security of the Webmin web-based system administration tool on OJS websites.
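Two of the findings above, the unprotected session cookie (CVSS 9.1) and the absence of IP blocking after repeated login attempts (CVSS 6.5), can be checked by an administrator from the server's own headers and access log. The following Python is an added example written for this page, not code from the paper or from the OJS project; the cookie name OJSSID, the login path ending in /login/signIn, the log lines and the threshold of five attempts are assumptions for illustration.

```python
"""Audit helpers for two OJS findings (added example, not the paper's code).
All inputs below are constructed samples, not captured from a real server."""
import re
from collections import Counter
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers; OJSSID is assumed to be the session cookie.
WEAK_HEADERS = ["OJSSID=abc123; path=/"]
HARDENED_HEADERS = ["OJSSID=abc123; path=/; Secure; HttpOnly; SameSite=Lax"]


def audit_session_cookie(set_cookie_headers, name="OJSSID"):
    """Return the protections missing on the session cookie.
    Without Secure the cookie crosses port 80 in clear text, without HttpOnly
    page script can read it, without SameSite it rides on cross-site requests;
    each missing flag widens the session-hijacking window."""
    missing = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name not in jar:
            continue
        morsel = jar[name]
        for attr, label in (("secure", "Secure"), ("httponly", "HttpOnly"),
                            ("samesite", "SameSite")):
            if not morsel[attr]:
                missing.append(label)
    return missing


# Apache combined-log prefix: client IP, identity, user, timestamp, request.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

# Constructed access log: one client hammers the login form, another logs in once.
SAMPLE_LOG = "".join(
    f'203.0.113.5 - - [10/Aug/2025:10:00:0{i} +0700] "POST /index.php/ijair/login/signIn HTTP/1.1" 200 512\n'
    for i in range(6)
) + (
    '198.51.100.7 - - [10/Aug/2025:10:00:07 +0700] "POST /index.php/ijair/login/signIn HTTP/1.1" 302 0\n'
    '198.51.100.7 - - [10/Aug/2025:10:00:08 +0700] "GET /index.php/ijair/index HTTP/1.1" 200 9000\n'
)


def login_attempts_per_ip(log_text):
    """Count POSTs to the OJS sign-in handler per client IP (assumed path suffix)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"].endswith("/login/signIn"):
            counts[m["ip"]] += 1
    return counts


def ips_to_block(log_text, max_attempts=5):
    """IPs exceeding the attempt threshold; the list a ban rule (e.g. fail2ban) would act on."""
    return sorted(ip for ip, n in login_attempts_per_ip(log_text).items() if n > max_attempts)
```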


DOI

https://doi.org/10.29099/ijair.v9i2.1546

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

________________________________________________________

The International Journal of Artificial Intelligence Research

Organized by: Prodi Teknik Informatika Fakultas Teknologi Bisnis dan Sains
Published by: Universitas Dharma Wacana
Jl. Kenanga No. 03 Mulyojati 16C Metro Barat Kota Metro Lampung

Email: jurnal.ijair@gmail.com
