I am running WP 2.3.1, and am finding unwanted files (like uploaded cracks, etc.) listed as having been accessed in my access logs. The log shows no uploading or POSTing of these files, only a successful GET.
Going there finds only the desired sub directories along with a file named 26644.php. It looks like a bunch of code responsible for redirecting or something.
Changing all passwords for everything on the site have not helped. This leads me to think that this file may be responsible, but I don't know how it got there. I have directory listing turned off so they get an error message if they navigate to where there is no index page.
I'm not going to enter it unless requested (I don't know how Akismet will behave with it).
I have given it a random name, and the blog seems to work fine. I also can't find this on my local playground files.
This file has shown up after I upgraded to 2.3.1, and I did the upgrade with a clean install after blowing everything out prior, and manually reloading on the site (I kept the database intact).
Any help or ideas would be greatly appreciated!