I'm using a WordPress 2.7.1 version and I've been holding back from upgrading because of some pending issues with Unicode (for those of you familiar with WordPress's Unicode issue: this blog was started back in the days of WP Ver 1.6 or so, the MySQL charset and pagination issues are quite complex) and I came across the below problem yesterday:
Whenever I open up an existing post and hit the "update post" button, a window pops up with the below details:
Title: Authentication Required
Text: The server (our server domain, e.g. DOMAIN.COM) at Magic requires a username and password.
Entires: User Name: ____________________ Password: ____________
Buttons: Log In, Cancel
I attempted entering dummy ID and password and the pop up will go away for 0.5 sec and then come back again. I suspect this is some form of trojan so I didn't enter our real password.
When I press cancel, I am sent to /blog/wp-admin/post.php with a blank screen with a "Access Denied" message (Screenshot: http://www.flickr.com/photos/yonghokim/3772683860/ )
This popup is triggered when I hit the "update post" or "update page" button. The fact of whether contents of the textarea actually changed or not doesn't matter - clicking the "update page" triggers the popup. It doesn't happen when I post a new post. I haven't seen the popup in other areas of the backend or frontend.
My symptom is similar to http://wordpress.org/support/topic/247792 except I can seemingly do all tasks - logging in, posting, etc - except editing.
More information about this WordPress install:
I use the below plugins:
Attachment Manager 2.0.2
Audio player 1.2.3
Breadcrumb Navigation XT 1.7
Disable Revisions and Autosave
Flickr Photo Album 1.1
One Click Plugin Updater 2.4.13
Search Pages 2.3
TanTanNoodles Simple Spam Filter 0.6.2
WordPress.com Stats 1.5
Wordpress Automatic Upgrade 1.2.5
WordPress Database Backup 2.2.2
I did a major cleanup of plugins that kept obstructing the admin area with their upgrade notices, even when they were inactive plugins. I deleted a bunch of folders that belonged with the plugins; one of them was the XDRS(sp?) OpenID service framework.
I run this WordPress install on a VPS, and there are a couple other domains running WordPress and MediaWiki hosted along. One of the other WordPress installations was hacked on October of 2008, (the hacker deleted a month worth of postings and left a notice saying "This website was hacked by Daazle(sp?)" but I changed the admin password and haven't noticed any strange behavior since then.
I am hiding the URLs out of concern that this symptom may be the result of a scripted attack, and by giving out the affected website I may be notifying that the attack was successful, inviting for further exploits on the server.
Any thoughts on why this could be or how to fix? I'm considering upgrading to WP 2.8.2 to see if this will overwrite my install of any compromised PHP files.