I've been looking through the forums, googling my butt off, and can't find anything that describes what I'm experiencing. And I need help getting rid of it.
A while back one of my posts got compromised with spam -- not in the form of a comment, or the post itself being edited, but rather this: the posts showed up normally on home page, but when you click a post title to go to the individual post (say, to leave a comment) you get a spam page. Not a bunch of spam links inserted into the post/page content, mind you, but a completely different web page hawking cheap drugs. However the URL is still the same URL as normal to view the post. This doesn't start happening up right away after publishing the post, but some time a little later.
The first time it happened, I figured it for a one-off deal, and promptly deleted the post and just copied its contents into a new post. But yesterday it happened again, so I thought I'd better take new measures.
First, I was long overdue for an upgrade anyway (was still using WordPress 2.0) so I installed the automatic upgrade plugin and upgraded to the latest. Then I changed my user password and ssh/ftp password at my web host. Then I posted to the blog saying, in effect, "sorry about the spam thing, but I went ahead and did this and this and hopefully it won't happen again."
This morning I find out it happened again -- to that very post:
Here are some more interesting details I've dug up: If you add a trailing / to the URL you get the post again instead of the spam site. Check it out: http://nothinghappens.net/?p=316/ However, before you tell me to check my .htaccess -- I don't have one. Also, I looked at the post's record in the database via phpMyAdmin and nothing's been done to it there.