Just got a note from Dreamhost that my sites were disabled for not running the newest WordPress, and they checked to see if they were running the newest version of WordPress because there was A PROBLEM. I went and investigated and sure enough, someone had back-doored into an backup of an old WP blog and was using it for nefarious bullshit. Fixed now, I think/hope, but yeah. That’s some crazy shit.
Today’s lesson? Keep your WordPress installation as up to date as possible. I actually thought I _was_ keeping it up to date, but somehow I got several iterations behind. Now running at 2.8.5 and back online. Will continue to monitor the situation.
– Christopher
Eek! And I was just thinking to myself earlier today, oddly enough, that I should not be in a panic when there’s a new WordPress update out that I haven’t noticed. Time to go update everything… (At least it’s automated now.) Glad Dreamhost gave you the heads up, at least.