I have multiple sites that I just discovered to be compromised.

[root@spencerhosting .us]# ls
Help NetGamesUSA.com Textures images mvr3.0.zip
Logs SAS_server.log Web ini_settings.txt patch.md5
Maps Sounds anticheats.zip mvr ucc
Music System checkfiles.sh mvr3.0
[root@spencerhosting .us]# pwd
/home/horizon/public_html/typo3temp/temp/.us

It was an older install though. (Most recent changelog entry below)

2007-12-14 Ingmar Schlecht <ingmar@typo3.org>

* Release of TYPO3 4.1.5


Anyway, if anyone else is running older installs (Mine was ~6months old), then it's time to upgrade.

Chris,
Sorry to hear that your sites were compromised. Not much fun to recover from that.

For what it's worth, I believe TYPO3 4.1.7 patched the only security vulnerabilities that have occurred since 4.1.6. One was a low-severity vulnerability that required a valid backend login before there was any risk at all. The other was a cross-site scripting attack that was possible when a few specific extensions were installed. You can see full details at http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/.

Depending on your setup, it could have been one of these issues with the TYPO3 Core but I think the odds are pretty slim. I'd recommend checking the Security Bulletins at http://typo3.org/teams/security/ and making sure all your extensions are up to date. A vulnerability in an extension or elsewhere in the server environment seems more likely to me than either of the vulnerabilities with the TYPO3 Core.

Hope that info helps. Just want to make sure you get the true source of the vulnerability closed off!

Thanks,
jeff