If you use WordPress then you might need to upgrade to version 2.1.2 pronto! There are a couple of huge holes in the code, apparently inserted by someone for the purpose of intrusion! Put another way, the source code was somehow compromised.
Someone inserted code into at least two files (themes.php and feed.php). In a nutshell, an attacker could pass operating system commands via a URL, and those commands would then execute on the system through PHP's passthru() function. Ouch!
If you downloaded WordPress between February 25 and March 2 then you have a vulnerable copy.
If you can't upgrade to WordPress 2.1.2 then you might be able to use .htaccess to insert mod_rewrite rules on Apache to prevent attacks. Something like this might help:
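Separately from any rewrite rules, it is worth checking whether the two files have already been requested with a command in the URL. The following Python sketch is an added example, not part of the original post: it scans Apache access-log lines for requests to themes.php or feed.php whose decoded query values look like shell commands. The log lines, paths and the parameter name `param` are constructed placeholders, and the pattern is a heuristic assumption.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# File names are the two named in the post; matching on the basename alone is
# an assumption, because the post does not say which directory they live in.
TARGET_FILES = {"themes.php", "feed.php"}

# Leading fields of an Apache common/combined log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Heuristic only: whitespace, shell metacharacters and filesystem paths are
# rare in normal WordPress query values. A one-word command would slip past.
SHELL_LIKE = re.compile(r"[;|`$<>&\s]|\.\./|/(?:bin|etc|tmp|usr|var)/")

# Constructed sample lines; "param" is a placeholder parameter name.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2007:10:12:01 +0000] '
    '"GET /wp-includes/feed.php?param=uname%20-a HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Mar/2007:10:13:44 +0000] '
    '"GET /wp-admin/themes.php?action=activate&template=default HTTP/1.1" 302 0',
    '192.0.2.10 - - [01/Mar/2007:10:14:09 +0000] '
    '"GET /wp-includes/themes.php?param=ls+-la+%2Ftmp%2F HTTP/1.1" 200 845',
    '203.0.113.5 - - [01/Mar/2007:10:15:30 +0000] '
    '"GET /index.php?feed=rss2 HTTP/1.1" 200 5120',
]


def suspicious_requests(lines):
    """Return one dict per shell-like query value sent to a target file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line this parser understands
        parts = urlsplit(m["uri"])
        filename = parts.path.rsplit("/", 1)[-1]
        if filename not in TARGET_FILES:
            continue
        # parse_qsl percent-decodes, so encoded spaces and slashes are seen.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SHELL_LIKE.search(value):
                hits.append({"ip": m["ip"], "time": m["ts"], "file": filename,
                             "param": name, "value": value, "status": m["status"]})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status deserves a closer look at what else that client requested around the same time.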