and so Im inquisitive..
I see joomla, I found your wp install.
and where was the file located?
These posts are tedious to me. having upgraded 2 previously hacked blogs is as many days, and seeing the results, Im suspicious of all of these other upgrades. meaning, I seem to have a process that works, and having upgraded these other blogs, Im not seeing the new installs being hacked, and they were extremely hacked before I got to them.
One thing I think ppl are missing is this..
Google for that file name. One of the most popular sites that comes up is this one:
terribly hacked, a wonderful example of an irresponsible, errant webmaster that ought to have his Internet drivers license revoked (if you ask me).
What version is installed on that site:
<meta name="generator" content="WordPress 2.1" />
What interesting exploits are there for that particular version?
Well, at the very least, there is one that successfully grabs your administrator password.
Now im going to go out on a limb, and suggest that that person probably wouldnt even know they were hacked..and that during any upgrade process, would see no reason to change their administrator password.
So hey, okay! They upgrade, but guess what, Szevegni from Croatia still has that password -- despite the fact that the install has been upgraded.
That for a while I was entertaining the idea that there was still a security issue in 2.3.3. I no longer think that. Ive had recent experiences with three separately hacked blogs in the last week, one of which included involving 2 WP devs, and I honestly think these are cases where ppl had previously compromised installs, and they simply have not secured their sites to the degree necessary following that compromise.
I have also "seen" (logged all the variables sent to the file being called) the spam injection exploit in action, and have tested it against a 2.3.3. install -- it doesnt work.
If 2.3.3 is insecure in any fashion, its not related to these spam insertions.
Just food for thought.
And honestly, anyone running Joomla.. ought to run for their lives.