Update on whats going on with my sites.
I have a few WP 3.1 blogs 1 of them was over looked when I was updating not long ago and its WP 3.01 that site has not been touched but all others have been hit several times. The only was I was able to stop the injection on the other sites was to move the WP config file up one level to the non web accessible dir. I had tried every CMOD I could think of to try and stop it. But since moving the config non of the sites have had a problem.
FYI check your blog roll links have found new links that have been inserted into the list.
All my WP sites have had this happen. Multi domain names, all cpanel SQL generated strong passwords, not using wp_ tables, config.php in top level folder (non-web viewable), sites without plugins and all on the same shared host have all had this injection. One I even cleaned last night changed all passwords for WP and SQL and now its hacked again.
This has to be a host problem but how to get them to listen and figure out why/how this is happening is the problem.
