Help! I don't know if somebody is exploiting some wordpress code on my site or if I have some other vulnerability. Somebody is putting up a paypal scam site inside my wp-admin directory. I'm running: Debian Woody, Apache 2, php4, WordPress 1.5.
This guy has hit me twice now. After the first time I thought I could contain it by removing group/world write permissions for everything below my http root but I was wrong. The only thing I can think of is that somebody is executing some code via php to create the scam site.
Has anybody else had this problem?