Hi @sherrikeller,
Was your files_dir a subdirectory of your web root? If so, that’s probably how your system was attacked. See PKP Applications and Security for some information on how to deploy our applications safely.
Once a server has been broken into, you should treat all content on it as suspect. If you didn’t make any changes to your OJS code, then I would suggest thoroughly reviewing the contents of the files and public directories, saving them (along with the database), and discarding the OJS code in favour of a fresh install from a new .tar.gz download.
Regards,
Alec Smecher
Public Knowledge Project Team