I was hacked on my own server I run from my house. They changed my config file which put up a black page that stated I was hacked by CEM111 and went on to show a flash slideshow stating that it was done in the name of the islamic community.
I just found the c99shell on the drive but also noticed a complete shell running aparently called locus7shell which if you run a search on google for the you will notice that there are a large amount of people out there that are infected with this and you have access to their files on the servers with command options including uploading.
I have since taken my site down and deleted everything.
I suspect that they did this going through the setup-config.php file in the admin directory. from there changing the config file which opened them up for the rest of the changes. Of course this is just my suspicion not a fact. So one bit of advise is to make sure after installing your WP make a backup of the setup-config.php file and delete the one on the server. Then make sure to set the config file to read only
Other then that I dont know what
