(directorial credit: Leftjustified)
Looks like according to Dr Dave of Spam Karma an security hole or hack using guest accounts on WordPress.
Those running WordPress are highly recommended to goto ‘Options’ in your control panel and unclick ‘Anyone can register’ for the time being. All installs of WordPress and those not using Spam Karma should do this.
Sounds like WordPress is working on it but the releases aren’t out there or fixed yet. I have total sympathy with Dr Dave’s issues with WP team’s speediness/mixed response, I had dealings with them over the multiple enclosures and not being able to delete an enclosure issues (standard default response: “It’s supposed to be like that” – what even not being able to delete the enclosures?!?)
I gave up on a fix or functionality to fix the multiple enclosures after nearly a year and installed this plugin not from WP which works like a dream.
Not impressed by the WP dev team or how they do things…
EDIT: Interesting how I wrote this before seeing my concerns echoed here and here…yeah it’s all internal politics, and I still thing WordPress is the best tool around (better than Livejournal apart from the social side and ‘friends’ postings) but the commercial side to WordPress worries me…and I see of this reflected on a bigger scale in the current ‘Web 2.0’ VC feeding fest, and maybe affects how they interact with people?
But maybe that’s for another post. Especially including Podshow+ aping like Myspace…;-)
The important thing though, with either PHPBB or WordPress or any open source product is to update regularly…in the case of WP I have to give credit it’s fairly easy (could be better, fiddling around finding the path to the ‘Upgrade’ link is no fun) but PHPBB is a bitch…
EDIT 2: WordPress 2.04 has been released to fix this issue – I’d recommend you upgrade ASAP. I will when I get the chance.