Ahhh… same problem for me. A blog user of mine reported on May 20th that they were being prompted to register so that they could comment. I knew we’d not chanegd it (only two people have admin capabilities on my blog) so I was a little suspicious.
I come to post a quick update this afternoon and I cant post/edit sucessfully – did a google and landed here
I’m on a very old (2.0.1) version of wordpress and have never updated because… well… never really had to. This is the first time I’ve ever suffered any problems or lost any functionality.
So, i’ll replace the old index php and anything else that has been modified and manually clean the entries form the database.. my question then is… would the latest version (2.7?) have been immune to this inject/attack?
