I'm writing because yesterday I found out that some cracker managed to put a few malicious scripts on my website and given the scripts were only in folders writable by the web server, I'm pretty sure one of the scripts I use has a hole.

I'm using Wordpress, Textpattern and Zenphoto. I still don't know who's the one responsible, but one of them definitely has a hole.

Have you ever experienced something like this?

I'm very interested to know exactly what caused the problem; how you think they got in, etc. I think it's likely that ZP has security problems, since not much testing along those lines has been done. Please e-mail me with details. Thanks.