I just got hacked by that site too. My latest blog post was largely deleted and replaced with:
<font style="position: absolute;overflow: hidden;height: 0;width: 0"><a href="http://www.sibresource.ru/">ландшафт</a></font>
Any idea how this happens? What do I need to change to plug this hole? Thanks.
Roy
(@gangleri)
You’re both on 2.6? Since when? Any plugins in use with known vulnerabilities? Are you on a dedicated or shared server?
I am on 2.6, since shortly after its release. Only plugins are Akismet and WordPress.com stats. Shared server (Dreamhost).
Roy
(@gangleri)
That’s not good news. Hopefully you fell victim to another insecure website on the same server.
Did you check error logs, etc. to find out how they came in? I’m no real expert on the matter, but if this is a 2.6 matter it concerns us all. If you DO have experience with tracking holes and hacks, I suggest you gatter as much information as possible and email it to security@wordpress.org.
I have been having problems with large numbers iof Russian / Cyrillic spam getting past Akismet. This would just be a nuisance EXCEPT …
At least once the spam seemed to replace an existing legitimate comment and deletion of the spam deleted the legitimate comment too.
(I’m version 2.7)
psybertron, please contact Akismet support with any information you remember about that comment.
http://akismet.com/contact/
