Feb 11 2009

Potential WordPress 2.7 vulnerability?

It seems some people are reporting issues with their WordPress 2.7.x sites being injected with some nasty Java code.

Rogi has pointed out this thread on the WordPress support forums, which mentions a few instances where multiple sites were hit by the same IP, as per their access logs, at exactly the same time that their header files were changed.

Might be worth blocking the offending IP range 87.118.120.x until this gets sorted.
However, if the offender changes IP, or shares his script with the world, this will give little more than a false sense of security…

If you choose to filter the IP block, you can do so in your .htaccess file by adding the following lines to the end of the file:

order allow,deny
deny from 87.118.120.
allow from all
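The forum thread's check (same source IP in the access log at the moment the theme's header file was modified) can be scripted. This is an added example, not code from the post or from WordPress; the log lines and the file modification time are constructed, and the five-minute window is an assumption you should tune to your own logs.

```python
import re
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed Apache combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
87.118.120.10 - - [10/Feb/2009:03:14:07 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.44 - - [10/Feb/2009:03:14:30 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
87.118.120.99 - - [10/Feb/2009:09:00:00 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

# Constructed mtime of wp-content/themes/<theme>/header.php; on a real
# install take it from os.path.getmtime() and convert to an aware datetime.
SAMPLE_MTIME = datetime(2009, 2, 10, 3, 14, 0, tzinfo=timezone.utc)

# The range named in the post.
SUSPECT_NET = ipaddress.ip_network("87.118.120.0/24")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, request) for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ipaddress.ip_address(m.group("ip")), ts, m.group("req")


def suspicious_hits(log_text, modified_at, window=timedelta(minutes=5)):
    """Requests from SUSPECT_NET within +/- window of the header file's modification time."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, req = parsed
        if ip in SUSPECT_NET and abs(ts - modified_at) <= window:
            hits.append((str(ip), ts.isoformat(), req))
    return hits


if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE_LOG, SAMPLE_MTIME):
        print(*hit)
```

Only the first line lands: the second is outside the range and the third is from the range but hours away from the modification time.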

Update: This site has some good information regarding this exploit, and mentions:

… It appears that the exploit is fixed in versions of WordPress beyond 2.6.5, but that the WP Super Cache plug-in continues to allow the exploit somehow.

Also of note, photocritic.org recommends the following for hardening your WordPress installs:

If you’re affected by this, fix the issue, and then read Hardening WordPress and Did your WordPress Site get Hacked – both of which give a lot of starting points for research into how you can stop this happening again.

Going to take a look at this myself…

Sep 07 2008

Blank Screen Installing WordPress

So my problem with installing WordPress (2.5.1 and 2.6.1) was a blank screen at the point where the install was running in /wp-admin/install.php.

I was able to create the config.php using the web interface; however, at the next step of actually installing WordPress it failed with no output to the screen and no error message in the server logs. It did not even get to the point of creating the database tables in the MySQL database.

I found nothing that worked online about this despite many suggestions, but I happened on a fix pretty much accidentally.

The fix was to add the following line to the .htaccess file in the root directory of the server.

php_value zend.ze1_compatibility_mode "0"

Do I know why it worked?  No.

It was a setting I had to change for another application (MediaWiki), and it had the added benefit of fixing me up, though it still took a little bit of time to realize that was indeed the fix.

So far, everything appears to be back to normal with WordPress, with the exception of any of the custom tweaks I did. Murphy being Murphy, my backup archive is corrupt, but if nothing else, I at least got all of the MySQL data, so my posts are reasonably intact.

Sep 07 2008

In better shape

Back to WordPress… Yay!