orlo

seems like they are using some exploit to get in. Looking at the log file you send me- wht other plugins are in your wordpress installation I saw ‘wp-amazon-plugin.php’ and SK2 anything else?
And maybe you can send also the info for your friends plug ins…

If we assume for a second that wordpress doesn’t allow for any exploits- it should be one of the plugins…

I talked to kestrel – and it seems the provider has a bigger problem… the log file shows that some script is spreading across different clients/users on the same server- so I am not really sure if WP was the problem to start with… but changing the access rights should help a little… I think the provider will eventually figure it out 😀

seems like they are responding fast…

as i said before- seems like a couple of servers are affected (see google)…

this seems indeed a little bit worrying. Since reading these posts I got confused abiout which version you exactly use. Probably it’s best to first check your xmlrpc.php file.
Just in case (it’s still form the old version)

For the jvascript included there seems to be a quick work around… but we need to find the whole/problem they are using…