I'm running WordPress 2.8.1, and today found a blog I look after (uk.tug.org) had been compromised. It's back working now, but I wonder where the issue is. I've narrowed the issue down to a PHP Trojan (PHP/C99Shell-A) been added to the site, and in my logs I have a lot of access requests from one IP address, which is also the only one trying to access the Trojan file. So the question is, broadly, what do I do? I can let someone who knows about these things have a look at the log, if it is helpful. I'm obviously unsure if this is a WordPress issue, a hosting issue or something I might have done!
Thanks in advance for any ideas,