My site was also infected, and, my host de-activated my account until all of my dot.htaccess files are removed, WP is re-installed, and my three zenphoto instances are upgraded.
This is really bad. I'm quite disappointed that I installed malicious code from zenphoto.
My site was taken over too, which unfortunately spilled into a second site that I run within the same hosting account. Very important to replace / clean every php file on the system, and look at every .htaccess file, even any that are outside of the webserver's DocumentRoot.
Filipe - it's disappointing, but you run this risk with any php based software that accepts a user input. Whether you wrote it yourself or got it from places like zenphoto.
However, a more pro-active alert would have been good. I only upgraded to 1.4.1.4 a couple of weeks back, so wasn't checking this site looking for new updates. Each forum member has registered with an email address, how about a bulk email alert?
We are all humans and humans make mistakes...
Regarding more alert. If you don't visit the site regulary, use the rss feed, subscribe to our Twitter account (mirrors the rss) or the Google announcment mailing group (also all translators got it via the translate group).
Additionally there is an included plugin that displays the latest news within your Zenphoto admin overview pages if enabled
Sorry, if you use a free software you have also to be a little self active, too. We are a pretty small team (apart half a day due to time zones) and I think we were pretty fast with all this for that.
Btw, the forum has no massmail tool as far as I know.
Hello, I'm was hacked my zenphoto :/
I listed some address ip :
31.133.44.40
62.109.21.23
78.24.220.110
81.163.143.194
82.146.43.62
92.63.102.50
92.63.105.26
92.63.107.39
209.44.123.133
NOTE: I have editied the code examples given as they seem to generate virus scanner alerts. The backup as pdf is available here: http://www.zenphoto.org/news/security-alert-part-2