Index.php and .htaccess files always have 0444 permissions set even though they have been deleted

Can anyone help solve the problem of an OJS that was hacked?
We use OJS 3.1.2. For the last 2 months our OJS system has been attacked. We have seen and followed many ways to solve this problem, from moving files_dir, etc., but the problem is not solved.

The problem is that the index.php and .htaccess files are always generated again with permission 0444 after we delete them, and we have tried to find a solution.

I'm so sorry about my bad English spelling.
Thanks

Hi @Hasyim_Asy_ari,

If you follow the recommendations in “Recommended Configuration” in the README document, your installation should be safe. However, if you already had a hack e.g. due to an unsafe files_dir configuration, it’s likely that the attacker used an automated script to install further back-doors that can be used to re-attack the site even once the original method of attack is fixed.

Cleaning up after that is more of a general server management question than an OJS-specific question, but broadly speaking, once an attack has happened, you have to consider all content to be suspect. Use tools like diff (with the recursive option) to compare what’s in your installation (OJS plus possible modifications and back-doors) against what should be there (just the OJS codebase).

If your server is using mod_php to run PHP scripts, don’t forget that all PHP applications will share the same user account, so the problem might not even be located within your user account’s storage area. For that reason we recommend servers that use a setuid PHP environment, e.g. with FastCGI.

Regards,
Alec Smecher
Public Knowledge Project Team
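
The recursive comparison suggested in the reply above, as an added example that is not part of the original thread and is not PKP code. It uses `find` and `cmp` instead of parsing `diff -r` output, and prints each file's permission string so regenerated read-only (0444) files stand out; the two directory paths and the function names are assumptions supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example (not PKP code): compare a live web root with a pristine copy
# of the same release. Both directory paths are supplied by the caller.

# Print every regular file under a directory, relative to it, in stable order.
list_files() {
    (cd "$1" && find . -type f -print | LC_ALL=C sort)
}

# Permission string such as -r--r--r-- (0444), taken from ls so it works on
# both GNU and BSD userlands.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# audit_tree <pristine_dir> <live_dir>
# Prints one line per finding: STATUS MODE PATH
#   ADDED     file exists only in the live tree (candidate back-door)
#   MODIFIED  file exists in both trees but the bytes differ
#   MISSING   file shipped with the release but absent from the live tree
audit_tree() {
    local clean="$1" live="$2" rel
    list_files "$live" | while IFS= read -r rel; do
        if [ ! -f "$clean/$rel" ]; then
            printf 'ADDED    %s %s\n' "$(mode_of "$live/$rel")" "$rel"
        elif ! cmp -s -- "$clean/$rel" "$live/$rel"; then
            printf 'MODIFIED %s %s\n' "$(mode_of "$live/$rel")" "$rel"
        fi
    done
    list_files "$clean" | while IFS= read -r rel; do
        [ -f "$live/$rel" ] || printf 'MISSING  %s %s\n' '----------' "$rel"
    done
}

# Run as a script: ./audit.sh /path/to/pristine /path/to/live
if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```

Files you changed on purpose, such as the site configuration, are listed as MODIFIED too and need a manual look; everything reported as ADDED should be explainable.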

Thank you for the response.
We followed the install requirements and the problem is solved. Now we have another problem, as in the picture.
We have two OJS applications, A and B: A is version 3.1.1 (has no error) and B (now) is version 3.1.2 (has error), and we compared them. B is an upgraded version, from 3.1.1 to 3.1.2, which followed the upgrade instructions. However, on the interface side, especially the settings menu and others, things do not appear, as shown.
[Screenshots: 2019-09-30_092845, 2019-09-30_093047]
Thanks

Hi @Hasyim_Asy_ari,

Could you post that question as a new topic? It’s not related to the original thread. That’ll help keep the forum organized. Also please include anything relevant from your PHP error log.

Regards,
Alec Smecher
Public Knowledge Project Team