koan - 9:19 pm on May 18, 2010 (gmt 0)

It's not just Wordpress, I had a few basic sites hosted on Godaddy with php files that were infected (not using any 3rd party softwares like Joomla or Wordpress), from various clients. The only common points were: php files and Godaddy.

I contacted their support to notify them of their vulnerability after I cleaned the sites, but they still cling to their "upgrade your 3rd party software" solution even though I didn't even use any in those instances.

The exploit uses cookies so it doesn't show up twice to the same user (or search engines) so some may think it is fixed when it is not.