Gahd, how embarrassing. Me, the computer security PhD student. My machine got hacked, I believe because of this blog, though I will never be 100% sure. At one point I was running WordPress 2.1.1, which was compromised on the wordpress server. I.e., I downloaded and installed a backdoor myself! This goes to show that checking the sha1sum of a downloaded package is a worthwhile endeavor.
I’ve restructured my network so the web server is actually an old clunker machine, and not my main workstation anymore.