Looks like the so-called hacking “attempt” on my site a few days ago was successful after all. I thought I had pulled the plug on the hacker by removing the PHP-infested comments they had posted, but it looks like the damage was done as soon as they posted the comment. By posting comments with certain PHP-commands, they were able to upload PHP Shell, a tool you can use to execute commands on a remote web server, even if you can’t have normal telnet-access. Bad.
Anyways, it’s now time for some damage control. All passwords will be changed, PHP Shell will be deleted – that’s a shock. In this process, the site might become a little unstable and throw all kinds of error messages at you.