ESET File Security for Linux reports “HTML/ScrInject. B” as a critical issue, just after disabled Memcached on config.inc.php. The report says that it happens in the file: [OJS]/cache/fc-journalSettings-17.php by user root on process apache2.
We are using OJS 3.1.1-4 on Debian 10, there are no log messages.
ESET doesn’t report issues if we activate again Memcache, but, we don’t use it per @asmecher recommendation in previous posts.
There is probably malicious PHP code running on your server. Cleaning it up is beyond the scope of this forum – there are good general practices for doing this that aren’t specific to OJS – but I’d recommend reviewing a few threads on this forum for some general info:
If your server is running PHP scripts via mod_php, then the culprit could be any PHP script on your server – they will all run with the same user permissions. (For this reason we don’t recommend running PHP with mod_php in a shared environment.)
Regards,
Alec Smecher
Public Knowledge Project Team