Donncha, thanks for responding to me and sorry that my initial comment up there was so, well, lame. I didn’t want to write a whole novel before being sure that this is actually a “new” kind of a problem.

The story goes like this: I have been using WP since 1.2 on a very large website and I’m always erasing things completely before each upgrade according to the manual (apart from and I was not using any sort of an automated installation gizmo (the website in question is hosted with Servage). I check every single folder of the installation every day, my .htaccess is properly CHMOD’ed, yet I ended up with “yayayayayaya” randomly added at the end of my index.php file and, the week before, the gallery on my site, powered by Gallery2 and using the WPG2 plugin, had zillions of spam links inserted into it twice.

That is why I’m not 100% sure if it’s WP, Gallery2 or both, as the “yayayayayaya” thing happened after the gallery no longer had security issues.

My other sites, including the one posted with my comments, did not have that problem. And they all run on WP 2.3.3; but they’re hosted on a server with control panel and the more “usual” set-up.