[wp-forums] Help I've been hacked

Podz podz at tamba2.org.uk
Sun Jul 23 16:43:51 GMT 2006

Petit wrote:

1. Don't panic. What's done is done. It's time to clean things up.
2. Inform your host. It is likely they will not be able to assist at
this point but at least they know.
3. You need to assume that your /wp-content/themes directory has been
compromised. You can download that directory but it must then be deleted
from the server.
4. Download a new zip from http://wordpress.org/download and from that
upload that themes directory. This will cause your blog to change to the
default setting but it will be safe.

This is where I get unstuck. We all know at a glance what files should
be where when looking through ftp and we would probably remember what
additional files we had placed and we would have backups*
So what can we tell someone who is worried?
"Rebuild your theme"?
To check side-by-side all wp-* files?
To alter permissions?
To check plugin permissions?

Or do we just need a hitlist of immediate measures and then a codex page
giving a heap more details?


* - I'm the guy who has said "Backup" constantly for over two years and
yet 3 days ago nuked a complete domain (rm -rf *) and then went there in
a browser. "Why does it look like.....Oh S***" :)
(It was mine. I had no backup.)
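
The side-by-side check of wp-* files asked about above, as an added example that is not part of the original message: it hashes a downloaded copy of the site against an unpacked fresh WordPress zip and sorts the differences into what to replace, what to delete and what to read by hand. Assumptions: the fresh zip is the same release the site was running, and the function names and the `SITE_SPECIFIC` list are this example's own.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: paths that legitimately differ on every site, so a diff
# against the release cannot clear them; they need manual review.
SITE_SPECIFIC = ("wp-config.php", "wp-content/")


def sha256_of(path):
    """Hash a file in chunks so large uploads do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def index_tree(root):
    """Map each file's path relative to root onto its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def compare_install(clean_dir, site_dir):
    """Compare a site copy with a clean release tree of the same version."""
    clean, site = index_tree(clean_dir), index_tree(site_dir)
    report = {"modified": [], "unexpected": [], "missing": [], "review": []}
    for rel, digest in sorted(site.items()):
        if rel in clean:
            if clean[rel] != digest:
                report["modified"].append(rel)    # shipped file was changed
        elif rel.startswith(SITE_SPECIFIC):
            report["review"].append(rel)          # own themes, plugins, config
        else:
            report["unexpected"].append(rel)      # not in the release at all
    report["missing"] = sorted(set(clean) - set(site))
    return report


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py CLEAN_RELEASE_DIR DOWNLOADED_SITE_DIR")
    for kind, paths in compare_install(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind:10} {rel}")
```

Run it on the downloaded copy, not on the server. An empty "modified" and "unexpected" list only clears the shipped files, so everything under "review" still has to be read or rebuilt.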
