However, on my latest post at my geekblog, I was hit by the injection spam again. I have sent the following email to wordpress security (security @ wordpress.org)
I have a WordPress blog at domain http://haibane.info which was upgraded to 2.3.3 as soon as the security release came out last month. I had experienced the injection spam attack detailed here:
and upgraded to 2.3.3, but on my most recent post I have seen the same spam attack occur. The post is here:
and I have already removed the injection spam, but am reprinting it below :
<noscript><a href="http://www.casinomejor. es/casino-online- basico.html">casino online</a> mirar sus oponentes hï¿½bitos.</noscript>
<noscript>Il <a href="http://www.qualitapoker .com/neteller-game-poker.html">http://www.qualitapoker .com/neteller-game- poker.html</a> ï¿½ un gioco di carte.</noscript>
(there were two separate injections into the same post)
I am disabling user registration as a precautionary measure but it is clear that the 2.3.3 release did not solve the problem.
I recommend closing user registration on all WP blogs for the time being. Peter’s captcha plugins make user registration obsolete for commenting, anyway.