Hi @asmecher
I have also faced the same problem. None of the PDF files in the published issues can be viewed or downloaded.
While reading these treads I found the thread on “Security issue: Hacking via submission in OJS 2.4.8” . Following the article I investigated my own system and found that mine was also hacked by the same way.
As suggested, now I have moved the files_dir in config.inc.php to a folder outside my webroot. Directory browsing was disabled from the beginning from Apache. I believe now, the system is better protected.
But my issue is, still I can not view or download the PDF files. I have tried with a previous backup (both DB and files) which I have taken before the hacker attack. But the result was same. I also restored this backup in another physical server and kept files_dir setting according to my original location (inside webroot) while troubleshooting this PDF issue, but no luck.
Please help.