Infected OJS with script

Hi, we are running on OJSv3 at the latest.
We have found, using the Cpanel malware scanner, a few infected files.
We deleted them but still have one file in root “php.ini.php” which is, after deletion, created by itself again.

  1. Any suggestion on how to solve that?
  2. How to make OJS more secure?
    Thank you

Could you verify that this OJS installation complies with Securing Your System ?

Sorry to hear this @komir

OJS is safe. The PKP team is adding patches to the code every time a new bug is found and the code is reviewed in an automated way by specialized tools.

But, as with all applications, for your OJS to be safe you must keep your OJS up to date and also keep in mind that the ultimate security depends on a long stack of underlying applications that also need to be secured (i.e.: linux > apache > mysql > php > libraries > plugins). And finally, there are also human factors that could be a vector of attack on your system.

As Diego suggested, take a look at the documentation to make sure you follow PKP’s directions and check your logs to find out how the malware got into your system.

Only if you know how it happens will you be able to protect your system.

Best regards,
m.