Are you running a version of WordPress prior to 2.8.4? If so, you should upgrade now. There’s a major attack going around that targets older versions of WordPress. Lorelle has the full details.
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as
example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
In case once wasn’t enough, upgrade your copy of WordPress if the version is less than 2.8.4. This security flaw, of which details are lacking, applies to any version of WP prior to 2.8.4, and any site running the older software is at risk.
