I’ve been cleaning up a lot of crap over the past few days that was the result of an exploit on the site. Basically, most if not all “index.php” files in the directories of the site had various lines of advertising & link code inserted into them. They were inserted into hidden HTML elements so they couldn’t be seen unless you viewed the source.
At first I tried to figure out how the exploit was executed… WordPress? Gallery2? I wasn’t too sure so I removed all the spam links and javascript code and thought I removed access to the Gallery applications. But that wasn’t enough, as the next day I checked it, all the index files had been tampered with again. “Did someone get my password? How could this happen!” I thought. Then I realized there was still an old Gallery2 directory ready for exploiting. So I got rid of that promptly and cleaned up the whole site again.
I even re-installed WordPress to the latest version. My next steps are to install a backend for the site which would alert me via e-mail if certain actions occur.