I run several WP blogs and about a week and a half ago they got hacked. At the time they were running 2.6.2. I saw the 2.6.3 update and figured that's what I needed. So here's what I did:
- Deleted all folders and files from my website
- Restored everything (excluding the WP blogs) from a backup that pre-dated the hack
- Re-installed the blogs using 2.6.3
- Changed all my WP user passwords
About a week later, I've been hacked again.
Here's what I'm seeing:
The following line has been added to the end of all my RSS feeds - vpn
A number of files have shown up on my web server that don't belong there. They have names like trex_5.php, 8.php, 7.php, etc.
Also I'm noticing some folders called dir_stats that I don't think belong there. I'm checking with my web host on this to see if this is something they put there.
I desperately need help here. If anyone has any suggestions, please let me know.
I've looked in the forum and only seen one other person that looks like it might be a 2.6.3 hack (http://wordpress.org/support/topic/214908?replies=21).
Please help if you can.