Our journal site which uses OJS is sending out large quantities of spam, phishing mails. I changed the control panel password and email password, and upgraded to 2.4.8-1, but the problem still persists.
First, I get this mail: “This is a test email sent using Email Sender Deluxe. If you received this email, then your email account setup is working.”
Then the phishing mails start flowing.
I contacted my hosting provider, and they asked me to remove any “inbuilt mail sending scripts”.
Is this likely to be an OJS issue? If yes, what to do to solve this?
Thanks for the prompt response. The issue seems to be in the files directory. mysite/files returns a page which says “hacked by ./Coco || contact me : firstname.lastname@example.org” . Shall follow the steps detailed in the thread you suggested, and get back.
Thanks once again.
Thanks a lot, and apologies for not paying attention to that aspect before.
I am not an expert, and hence please clarify a doubt. I moved the files directory from outside the “public_html” folder to the root folder of the server. Now, how do I enter the path in config.inc.php ? (Previously it was files_dir = files ). Or, would it be better to keep the files directory in the public_html itself and change the permissions? If yes, what permissions should I allot to the folder?
Also, in the files directory, there is a folder named scheduledTaskLogs . Is it created by OJS, or could it be work of the hacker?
The reference to your files_dir in config.inc.php can be a relative or an absolute file path. For example, it could be something like: files_dir = /user/home/myuser/ojs_files
or files_dir = ../../files
The scheduledTasksLogs folder is created and managed by OJS.