realisticone

The wp-carousel plugin is dependent on the php-exec plugin. Install php-exec, then input the <?php wp_carousel(‘carousel#’); ?> code into the “html” editor option, not the “visual editor” and click Update.

Php code inserted from the visual editor side, or any time the visual editor is loaded as the default view, the php code will be lost. There are instructions in the php-exec plugin on how to configure this option.

We have the same problem. Installed 2.7.1 to 89 domains on one server. We had no more than set them up in their default state and bam. Now we are getting blank pages, and have lots of weird spam crap in /opt.

The server is out of control, and has to be formatted and re-installed. I know its wordpress because we have CentOS 5.2 running on hundreds of other machines, none of them got broken into except this one.

Would love to provide you with forensics on the box, but somehow they got access to the root account and locked everyone off. I lack the time right now to boot the machine up with a boot disk and investigate it. From what I gathered right before the crash it has to do with the new plugin installer feature because it was generating lots of “out of field data” errors. Looks to me like someone wasn’t properly validating input on their php.

I’m formatting the server now to install Drupal, or perhaps Joomla, and get this CMS issue handled. I’d like to have used wordpress but it just seems too insecure right now.

Regards