I have been getting various errors recently since my upgrade to 2.8.4.
.../wp-includes/default-filters.php on line 205
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in .../index.php on line 17
Parse error: syntax error, unexpected '.' in .../index.php on line 17
I checked the files, and it appears someone someone has been able to inject malicious code (causes a virus from a .ru site) into various files.
...other filed changed have included wp-admin/index.php, wp-admin/index-extra.php, /wp-includes/default-widgets.php and various plugin and template files, specifically anything with an index.php.
I've checked my permissions, and they are correct. I'm using various security plugins including TimesToCome Security Plugin, WP Security Scan, and Bad Behavior.
The sites attacked are all hosted by GoDaddy... don't know if that may be an issue, but I've been moving away from GoDaddy and my sites hosted by JustHost have not been attacked.
Any idea how to stop this?