babloo/blyat spammer attack on many WordPress blogs
It injected many spam links into the database before the “read more” part of a post.
I am trying to figure out how this happened so it can be prevented from happening again, if it’s a plugin vulnerability or from WP’s xmlrpc.
So if anyone has more details please let me know. I do know it was not tied to any specific version, I have found the signature on WP 2.3 2.5 2.7 & 2.7.1
(sometimes the signature says “blyat” instead of “babloo”)