So far I know, you should edit the "“files_dir” in config.inc.php and move your files folder to that place. It will not cause problem for past files and will work even for future uploads.
Actually you should do this to prevent anyone from the web to directly access your contents of files folder.
I went through the same problem you are going now. Initially I had my upload folder within public_html.
Later I moved it to outside of public_html and then changed the path in config.inc.php.
Everything was in order without problem.
Another word, if you keep a backup of your upload_folder, you can play with that folder. If it does not work you can simply copy that folder to the current location and your site will be working as it is now.
Note: You should keep your folder outside of public_html folder so no one can directly access it form the web.
Dear Friend,
Recently we migrated to CPanel.
Now we would also wish to the keep the files_dir outside public_html.
But do not understand where to keep.
May we keep it in public_ftp or we need to create a folder inside home.
Kindly suggest.
Sincerely,
VJ.
Dear Friend,
It is the same Indonesian Guy, who hacked my site too.
I can recreate the site in my localhost using the fresh codes from ojs and now ready to upload the contents with files_dir in Home/. But the database seems to be the same. Will it be having any malicious codes within it?If, yes then how the database can be sanitised?
Kindly guide me get the things secured and operational.