Hi @Dennis_Saputra,
Have a look at this thread – it looks like something has modified your OJS to add spam links. If your files_dir (see config.inc.php) is web-accessible, that’s probably how it happened. Unfortunately it’s impossible to tell from here which file has been modified; I’d recommend trying a standard tool like diff to compare your installation against a fresh download of the same version.
Regards,
Alec Smecher
Public Knowledge Project Team