A quick follow-up to our Attack Page Mishap earlier this month. We have discovered the compromise was not with WordPress or the WP Backup Plugin, but instead with the ZenPhoto application. I use Zen Photo for the gallery on my elguru.me site. ZenPhoto released an update on 11/11/11 (a couple days after the attack). Unfortunately, unless I am actually in the admin panel there is no way to know if there is an update. However, they do have a feed on their site I was able to subscribe to that is used for updates.The attack itself was not directly caused by the ZenPhoto application, but rather a 3rd party Ajax File Manager tool that was used within ZenPhoto.