Roughly a week ago my site began to be hacked by what I assume is a spambot of somekind. It's using an SQL insert or flaw to add really nasty porn spam to whatever post is currently at the top of the page.
A friend is my site's network administrator, and we've worked for the past week to clamp down on this. I've reinstalled WordPress twice, stripped out all the themes and plugins I had, changed every password I could think of - he's been watching packets, etc etc ... neither of us can get this to stop.
My assumption now has to be that there is an unpatched vulnerability in WordPress that is being used to do this. Does anyone have any further suggestions/ideas on how to deal with this?