I posted my problem in a public customer to customer forum at Site5... and the quasi-moderator of the forum was the one who replied. I am not even sure if he is a paid employee.
Given his post, I'd take anything he says with a grain of salt. He's just making stuff up as he goes along.
While he is correct that it is theoretically possible that it's a WP exploit (because any PHP script can have an exploit in it), this is unlikely for many reasons:
- No currently known exploits exist for the latest versions
- There have not been a large amount of hacked WP blogs recently, which you would expect if somebody found a real exploit
More to the point, if he is somebody in a position where he could investigate the matter, clearly he has not done so and simply blamed WordPress. That's not the kind of response you want from a hosting provider. Yeah, if I got that sort of response, I'd drop the host like a bad habit. If they're not concerned about security, then I don't want them to have my business.
I really *do* like Site5 and don't know what they could/should do.
What they SHOULD do is actually investigate instead of talking out their ass about it being a WP exploit. If it is a real exploit, then they should find out what the exploit is and tell the world, like any good netizen. If it's not an exploit, then even suggesting that that is what it is is downright irresponsible and, yes, possibly criminal.
In any case, I'm adding Site5 to my own list of "hosts not to do business with".
As for his comments on Open Source, you might tell him that the forum he's posting on is not open source, but that it is "visual source", meaning hackers can see the code to it as well. For that matter, the webserver hosting his forum runs Apache, which *is* open source. As is all other software that comprises the very backbone of the whole bloody internet. He uses open source software every single day, as does everybody else on the planet. So his comments about Open Source are not only fairly stupid, but ignorant of the facts as well.
For anybody who feels like commenting on this on their forums, you can find the actual post here: http://forums.site5.com/showthread.php?t=10297