Hi @Zhanneta_L_Kozina / all,
You might want to take a look at this post/thread for information on how to review user accounts, particularly for admin roles.
If you have experienced a hack, there really is no substitute for a careful look over the system to determine the means. For example, if there’s a back-door script on the server, check the file creation time and correlate it against the server’s access log to see if you can identify the request that created the script. Unfortunately we can’t do any of that from here.
PKP runs a large hosting operation, and we are not seeing our installs compromised – which suggests to me that folks are either misconfiguring their installations, or were running out-of-date versions of the software for which there are known vulnerabilities. We are attentive to anything to the contrary, but will need details in order to make any investigations. (And again, if you do find details, please contact us privately with those per our security policy.)
Thanks,
Alec Smecher
Public Knowledge Project Team