Welcome to Spacequad AntiSpam Services
   

WordPress wp-content exploit

Over the last few days we have noticed an increase of roughly 10,000 spam posting attempts by spammers pushing gambling and ring-tone spam.  The vast majority of these (about 99%) traced back to an exploit in the WordPress software.  The exploit lets a spammer write into the wp-content directory and upload whatever they want.  The directory the spammer has chosen to create is /wp-content/1/.  After creating that directory, they upload an archive and unpack it in place.  The unpacked contents are several HTML files and a JavaScript file, all of which are then directly reachable under the site's public URL.
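The pattern described above gives a site owner something concrete to look for: a top-level entry under wp-content that WordPress did not create, static HTML and JavaScript dropped inside it, and the uploaded archive often left behind.  The following audit script is an added example written for this page, not code from the original post or from WordPress.  It assumes a stock layout in which the only legitimate top-level entries of wp-content are plugins, themes, uploads, upgrade and index.php (the baseline list is an assumption and should be adjusted for your install), and it builds a constructed sample tree so it can be run offline:

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress wp-content
# directory for the indicators the post describes: a spammer-created directory
# such as wp-content/1/ holding static HTML/JavaScript, plus any archive that
# was uploaded and unpacked there.
# Assumption (not on the page): a stock install whose legitimate top-level
# wp-content entries are exactly the ones listed below.
WP_CONTENT_BASELINE="plugins themes uploads upgrade index.php"

# Print one finding per line for the wp-content directory given as $1.
#   UNEXPECTED_DIR <name> html_js_files=<n>   directory not in the baseline
#   UNEXPECTED_FILE <name>                    file not in the baseline
#   ARCHIVE <relative path>                   archive left anywhere in the tree
scan_wp_content() {
    dir="$1"
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry")
        case " $WP_CONTENT_BASELINE " in
            *" $name "*) continue ;;   # known-good entry, skip
        esac
        if [ -d "$entry" ]; then
            # Count the web-facing static files the spam kits were seen to drop.
            count=$(find "$entry" -type f \( -name '*.html' -o -name '*.htm' -o -name '*.js' \) | wc -l | tr -d ' ')
            echo "UNEXPECTED_DIR $name html_js_files=$count"
        else
            echo "UNEXPECTED_FILE $name"
        fi
    done
    # The post says the spammer uploads an archive and unpacks it; report any left behind.
    find "$dir" -type f \( -name '*.zip' -o -name '*.tar' -o -name '*.tar.gz' -o -name '*.tgz' -o -name '*.rar' \) |
    while IFS= read -r f; do
        echo "ARCHIVE ${f#"$dir/"}"
    done
}

# Build a constructed sample wp-content tree (test data, not a real capture)
# and print its path.  Legitimate entries plus the attacker's /1/ directory.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/plugins/akismet" "$root/themes/default" "$root/uploads/2008/04"
    : > "$root/index.php"
    mkdir -p "$root/1"                  # spammer-created directory from the post
    : > "$root/1/kit.zip"               # the uploaded archive
    : > "$root/1/index.html"            # unpacked spam pages (constructed names)
    : > "$root/1/ringtones.html"
    : > "$root/1/redirect.js"
    echo "$root"
}

# Usage when run directly: audit the constructed tree, then a real install if given.
if [ "${1:-}" != "" ]; then
    scan_wp_content "$1"
else
    sample=$(make_sample_tree)
    scan_wp_content "$sample"
    rm -rf "$sample"
fi
```

Run it with the path to a live wp-content directory as the first argument to audit that install; with no argument it audits the constructed sample and should report the /1/ directory with three HTML/JS files and the archive inside it.  Anything it flags is a candidate for review, not proof of compromise, since plugins do sometimes create their own top-level directories.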



What has made this so popular in the six to eight months since it was discovered, and why hasn't the WordPress development team worked out how these spammers are getting in in the first place?  Exposing this level of a web site to the outside world under a public URL is asking for trouble.  If the developers had been thinking about it, they would have placed /wp-content/ and the directories beneath it outside the public_html tree, so that nothing there could be fetched directly but only served through a script that enforces access controls.  There is no good reason the public should ever have this kind of access to those directories and files.  Plugins and themes do need their stylesheets, scripts and images to be served, which is the usual justification for putting wp-content inside the web root; but even granting that convenience, the real problem is that the directory is writable from outside and that anything written there is immediately served, and that could have been designed differently.

 

For those reading this, we wish you and your web site the best.  If you are tired of constantly seeing security issues with WordPress, we invite you to move over to Geeklog.  Geeklog can be made to look just like your WordPress site did, and you won't have the security issues you have now.  There is even a converter for this: export your WordPress database in Movable Type (MT) format, save it, and run the script; the archive includes full directions.  We have a copy of it here on our site so you can download it.  We hope this helps everyone who migrates over and spares them a continual headache.

Trackback URL for this entry: http://www.spacequad.com/trackback.php/wordpresswp-contentexploit
Comments (2)
WordPress wp-content exploit
Authored by: Michael Brusletten on Thursday, April 03 2008 @ 10:49 PM EDT

After two days now, the spammer who has been sending out a great deal of the junk through WordPress exploits is still oblivious to the take-down of their hosting sites.  Too bad... too sad!  Their sites that host the images and redirects were actually taken down a day after they started spamming.  It sure is nice to report and get these services shut down that the spammer has worked so hard at trying to hide.

Even the sites like Google, Yahoo and MSN that the spammers tried to use, well, those linked redirect sites and images have been taken down now.  So for us, it's a cat and mouse game.  The only thing is... we bite back and have them shut down.  So, to put this into retrospect, it's costing them big-time money to constantly get new domains and hosting sites.

---
You have the right to say whatever you wish.
But just as you may not open my door to say it, you also may not put it in my email box. Your Spam stops at my firewall!

WordPress wp-content exploit
Authored by: Anonymous on Thursday, April 17 2008 @ 08:16 AM EDT

STOPPING IN TO SAY HELLO TO A GOOD FRIEND! WHAT A BEAUTIFUL PAGE. THANK YOU FOR ALL YOUR KINDNESS.