says @f "These are Dreamhost accounts compromised" - No. Exploited WordPress on non-DH host. See suspect themes: http://blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html - TimThumb is used in several WordPress themes, was recently patched. More on the TimThumb security issue: wpcandy.com/series-on/timthumb-security-issue. in-reply-to: twitter.com/f/status/111774563230158849
new server exploit: mod_rewrite now-protect*ru redirect added to htaccess, hidden with extra returns/tabs. more: discussion.dreamhost.com/thread-131216.html. Check all your .htaccess files, turn on "Soft Wrap Text" / "Word Wrap" in your text editor, check for extra lines, search for "now-protect", and delete all such extra lines.
t