On Sunday, 11 July, our website -- erictric.com -- was exploited by means of XSS, which directed to a domain name along the lines of pantscow.ru.
We were forced to revert to a backup, unfortunately, which ensured I lost a full night of sleep.
I am frightened by the thought of not knowing of the origin of this attack, and fear it may happen again. Our site has been hack-free since inception, and the only thing we've changed recently is an upgrade to WordPress 3.0 when it was released.
Does anyone have any idea as to whether or not there may be security holes in 3.0? Is there a way I can find out how the attack came about? How to prevent it?
I can say that our passwords are all very secure (mixed numbers, letters, special characters), and our folder perms are set to 755, file perms to 644.
Any suggestions would be greatly, greatly appreciated.