Thank you jest3r-, your post has been really helpful!
We identified 4 Ip addresses that asked to our server the ajaxfilemanger files:
31.133.44.40
81.163.143.194
78.24.220.110
209.44.123.133

My site was also infected, and, my host de-activated my account until all of my dot.htaccess files are removed, WP is re-installed, and my three zenphoto instances are upgraded.

This is really bad. I'm quite disappointed that I installed malicious code from zenphoto.

My site was taken over too, which unfortunately spilled into a second site that I run within the same hosting account. Very important to replace / clean every php file on the system, and look at every .htaccess file, even any that are outside of the webserver's DocumentRoot.

Filipe - it's disappointing, but you run this risk with any php based software that accepts a user input. Whether you wrote it yourself or got it from places like zenphoto.

However, a more pro-active alert would have been good. I only upgraded to 1.4.1.4 a couple of weeks back, so wasn't checking this site looking for new updates. Each forum member has registered with an email address, how about a bulk email alert?

We are all humans and humans make mistakes...

Regarding more alert. If you don't visit the site regulary, use the rss feed, subscribe to our Twitter account (mirrors the rss) or the Google announcment mailing group (also all translators got it via the translate group).

Additionally there is an included plugin that displays the latest news within your Zenphoto admin overview pages if enabled

Sorry, if you use a free software you have also to be a little self active, too. We are a pretty small team (apart half a day due to time zones) and I think we were pretty fast with all this for that.

Btw, the forum has no massmail tool as far as I know.

I don't do Twitter - too much banality. However I found the google mailing list after I posted, so have now subscribed to that. Though it may not catch everyone, which is why I wondered about the mass email... I'd used the feature in phpBB to alert my users.

Hello, I'm was hacked my zenphoto :/
I listed some address ip :
31.133.44.40
62.109.21.23
78.24.220.110
81.163.143.194
82.146.43.62
92.63.102.50
92.63.105.26
92.63.107.39
209.44.123.133

I agree about Twitter in general..;-) We will have to look if there is actually mass mail addon for this forum. But still I think the best is the mailing list or RSS.

NOTE: I have editied the code examples given as they seem to generate virus scanner alerts. The backup as pdf is available here: http://www.zenphoto.org/news/security-alert-part-2