Fnord

Random bits from a random nerd

WordPress Exploit on the Rampage

Via DF, news of a large automated attack against WordPress installs.

Yeah, like this one.

As far as I can tell, Fnord, annalog and gemmacasa are all still clean, but please keep your eyes out for odd links or content, and email pfh at phfactor if you see anything (phfactor.net, that is).

Yay. Spammers suck.

Update 9/6: Anil to the rescue:

Since the attack is targeting non-current versions of WordPress, all the vulnerabilities should be listed in the CVE. So if you compare

http://www.debian.org/security/2009/dsa-1871

and

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wordpress

you’ll see that Debian is quite up-to-date. To be extra sure you can look at the Debian changelog for the package you have installed.

So, looks like you’re fine. :-)

Thanks, Anil!
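The changelog check Anil describes can be scripted. This is an added example, not part of the original post or Anil's reply: it pulls CVE ids out of a Debian changelog and reports which ids from an advisory list the installed package never mentions. The changelog text, versions and CVE ids below are constructed placeholders, and the function names are hypothetical.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Debian changelog entry header: "package (version) distribution; urgency=..."
HEADER_RE = re.compile(r"^(\S+) \(([^)]+)\) ")

# Constructed sample: versions and CVE ids are placeholders, not real ones.
SAMPLE_CHANGELOG = """\
wordpress (2.0.0-3) stable-security; urgency=high

  * Fix privilege check in admin pages (CVE-0000-0003).

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2001 00:00:00 +0000

wordpress (2.0.0-2) stable-security; urgency=high

  * Fix XSS in comment form (CVE-0000-0001, CVE-0000-0002).

 -- Example Maintainer <maint@example.org>  Sun, 31 Dec 2000 00:00:00 +0000
"""

def fixes_by_version(changelog):
    """Map each package version to the set of CVE ids its entry mentions."""
    fixes, current = {}, None
    for line in changelog.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = header.group(2)
            fixes[current] = set()
        elif current is not None:
            fixes[current].update(CVE_RE.findall(line))
    return fixes

def installed_version(changelog):
    """Entries are newest first, so the first header is the installed version."""
    for line in changelog.splitlines():
        header = HEADER_RE.match(line)
        if header:
            return header.group(2)
    return None

def unaddressed(cves_of_interest, changelog):
    """Advisory CVE ids that the installed package's changelog never mentions."""
    mentioned = set().union(*fixes_by_version(changelog).values())
    return sorted(set(cves_of_interest) - mentioned)

if __name__ == "__main__":
    print(installed_version(SAMPLE_CHANGELOG))
    print(unaddressed(["CVE-0000-0002", "CVE-0000-0009"], SAMPLE_CHANGELOG))
```

On a Debian system the real input is the decompressed `/usr/share/doc/wordpress/changelog.Debian.gz`. An id reported as unaddressed still needs a manual look, since it may not apply to the packaged version at all.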