Urgent Help Needed: OJS 3.3.0-13 Under Attack and Cannot Upgrade

Dear PKP Community,

I urgently need assistance regarding a security issue with my OJS installation. I am currently using OJS 3.3.0-13, and my journal website has been repeatedly compromised. Malicious code is being injected into the system — including modifications to the index.php file inside the public_html directory — resulting in strange or unrelated words appearing in Google search results for my site.

Even after manually removing the injected content, it reappears shortly after. It seems the attacker has persistent access. I understand that this version is outdated, but I have not been successful in upgrading directly to the latest OJS version due to compatibility and system constraints.

My key questions are:

  1. How can I secure my current OJS installation immediately to stop the ongoing attack?
  2. What is the safest upgrade path from OJS 3.3.0-13 to the latest stable version?
  3. Are there any specific steps I should follow to clean the installation and verify file integrity before attempting an upgrade?
  4. Should I consider a fresh installation and migrate the database and files manually? If so, what is the safest method?
  5. Can I simply export my issues and articles and then import them into a new installation? But this gives a locale error while importing.

This situation is urgent, as my journal’s reputation and indexing are at risk. Any guidance or support from the community or PKP team would be deeply appreciated.

Best regards,
Pankaj

Hi @Pankaj_Kumar,

There are several known cross-site scripting vulnerabilities that exist in older 3.3.0-x releases, particularly before 3.3.0-15. These are fixed in the latest 3.3.0-x release, which should be a quick and easy upgrade without any changed system requirements/constraints. I would recommend upgrading to the latest 3.3.0-x release and performing the cleanup needed to remove any malicious scripting etc.; continuing to re-install 3.3.0-13 will not prevent the same attack from occurring again.

Regards,
Alec Smecher
Public Knowledge Project Team
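The cleanup Alec recommends (and the file-integrity check asked about in question 3) amounts to diffing the live web root against a pristine copy of the same OJS release, since anything that differs from the tarball is either a deliberate local change or injected content. The script below is an added example for this thread, not PKP or OJS code: it takes a clean extracted release directory and the live install, and reports files whose contents differ or that exist only in the live tree. It assumes the standard layout (site-specific `config.inc.php`, `cache/`, `files/` and `public/` are skipped because they legitimately differ), and the directory paths and the demo contents are constructed for illustration.

```shell
#!/bin/sh
# Added example for this thread (not PKP/OJS code): compare a live OJS tree
# against a clean copy of the exact same release and report files that were
# changed or added. The clean copy is the release tarball extracted elsewhere;
# after upgrading, re-run it against the new release's tarball.

# ojs_integrity_diff CLEAN_DIR LIVE_DIR
# Prints one line per file worth inspecting:
#   MODIFIED <relative path>  content differs from the clean release
#   ADDED    <relative path>  present only in the live tree
# Skipped as site-specific: config.inc.php and the cache/, files/ and public/
# trees. Those still deserve a separate look for unexpected executable files,
# but they cannot be diffed against a release tarball.
ojs_integrity_diff() {
    clean="$1"
    live="$2"
    (cd "$live" && find . -type f \
        ! -name 'config.inc.php' \
        ! -path './cache/*' ! -path './files/*' ! -path './public/*' | sort) |
    while IFS= read -r rel; do
        rel="${rel#./}"
        if [ ! -f "$clean/$rel" ]; then
            printf 'ADDED    %s\n' "$rel"
        elif ! cmp -s "$clean/$rel" "$live/$rel"; then
            printf 'MODIFIED %s\n' "$rel"
        fi
    done
}

# Constructed demo: a tiny "clean" tree and a "live" tree where index.php has
# an extra appended line (a harmless marker standing in for injected content)
# and one unexpected file was added. Returns the report on stdout.
ojs_integrity_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/clean/lib" "$tmp/live/lib" "$tmp/live/cache"
    printf '<?php // clean index.php (constructed)\n' > "$tmp/clean/index.php"
    printf '<?php // clean bootstrap (constructed)\n' > "$tmp/clean/lib/bootstrap.php"
    cp "$tmp/clean/lib/bootstrap.php" "$tmp/live/lib/bootstrap.php"
    { cat "$tmp/clean/index.php"; printf '// CONSTRUCTED unexpected line\n'; } > "$tmp/live/index.php"
    printf '<?php // unexpected extra file (constructed)\n' > "$tmp/live/lib/extra.php"
    printf 'cached\n' > "$tmp/live/cache/x.txt"   # ignored: cache/ is excluded
    ojs_integrity_diff "$tmp/clean" "$tmp/live"
    rm -rf "$tmp"
}

# Usage on a real install (hypothetical paths):
#   tar xzf ojs-3.3.0-13.tar.gz -C /tmp/clean
#   ojs_integrity_diff /tmp/clean/ojs-3.3.0-13 /var/www/journal/public_html
if [ "${1:-}" = "--demo" ]; then
    ojs_integrity_demo
fi
```

Every MODIFIED line should be explainable (a local customization or a documented patch); anything else, and every ADDED `.php` file, is a cleanup candidate. Because the comparison is against the release tarball rather than against the site's own earlier state, it also catches content that was injected before the first cleanup attempt and then kept reappearing.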