This evening I found out that my WordPress website was hacked on 17-09-2009 10:00 localtime (Two days ago). 🙁 Not visible spam was added to the footer of this website and all downloads access rights were changed. Does anyone know how this is possible with WordPress 2.8.4? I upgraded three weeks ago my website to WordPress 2.8.4 so I personally think this hack is done with a WordPress 2.8.4 exploit!
The good news is that now everything is working normal again because i did the following things:
– Removed the spam from the footer.php template!
– Corrected the download access rights!
– Protected my score webservice against SQL insertion
– Set the unix file rights to readonly
– Changed all passwords