My website, running on WP3.2.1 and fully updated was recently hacked, when I contacted the hosts, they sent me an email that said
Hacker IP "18.104.22.168"
They had used a POST command on the WordPress plug-in "Hello Dolly" in order to upload the new index.php file.
I've never heard of Hello Dolly being hacked, and wanted to know if this was them being honest or making excuses.
I can request more information, and would also love to know how I can prevent this in future. (disabling Hello Dolly is extreme, dont you thinks ;) )