WordPress 2.1.1 Cracked, Considered Armed and Dangerous

Posted by Justin on March 03, 2007
Open Source Projects, Websites

If you have downloaded WordPress 2.1.1, be aware that the release has been compromised to allow easy access to your web server. You should immediately upgrade to the newest version on WordPress.org.

Specifically, theme.php and feed.php contain the offending code. All web hosts that have upgraded to this version should upgrade to the latest release or remove the offending code from those two files. The code starts with variables of “ix=” or “iz=”.
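One way to check an install for the markers described above, as an added example that is not from the original post or from the WordPress project. The post gives only the markers, not the injected code, so the pattern is an assumption: it flags any standalone `ix` or `iz` token in files named theme.php or feed.php for manual review, and the demo tree is constructed.

```python
import os
import re
import tempfile

# Files the post names as carrying the injected code.
SUSPECT_FILES = {"theme.php", "feed.php"}
# Assumption: the post gives only the markers "ix=" / "iz=", not the code,
# so flag any standalone ix / iz token (but not "prefix", "matrix", ...).
MARKER = re.compile(r"\b(?:ix|iz)\b")


def scan_tree(root):
    """Return (path, line_number, line) for each marker hit under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name not in SUSPECT_FILES:
                continue
            path = os.path.join(dirpath, name)
            # errors="replace" keeps the scan going on odd encodings.
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if MARKER.search(line):
                        hits.append((path, lineno, line.strip()))
    return hits


def demo():
    """Scan a constructed tree: one flagged file, one clean, one not named."""
    with tempfile.TemporaryDirectory() as root:
        inc = os.path.join(root, "includes")  # constructed directory name
        os.makedirs(inc)
        with open(os.path.join(inc, "feed.php"), "w") as fh:
            fh.write("<?php\n$prefix = 'wp_';\n// constructed marker line: ix=\n")
        with open(os.path.join(inc, "theme.php"), "w") as fh:
            fh.write("<?php\n$matrix = array();\n")
        with open(os.path.join(inc, "other.php"), "w") as fh:
            fh.write("<?php // iz= in a file the post does not name\n")
        return [(os.path.relpath(p, root), n, l) for p, n, l in scan_tree(root)]


if __name__ == "__main__":
    import sys
    # Pass the web root as the first argument; with none, run the demo.
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for hit in results:
        print("%s:%d: %s" % hit)
```

A hit is a line to read by hand, not proof of compromise, and an empty result on a 2.1.1 install is not a substitute for the upgrade.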

Lastly, I’d like to actually thank the WordPress team for using the proper term to describe this incident. A cracker caused this, not a hacker. There is a difference, and unfortunately, the media has muddied the terms. Sorry, but this is a pet peeve of mine.