Evidently there's a new round of hacks hitting linux servers through plugins and insecure PHP scripts.

While there is no clarity on the exact method of the attacks, they seem to be targeting various plugins that might be part of the applications running on your Customers’ websites.

Much like the Gumblar attacks around the same time last year, we suggest that you warn your Customers and ask them to keep the Web Applications running on their websites up to date. This includes Wordpress installations, or any other CMS which needs regular updates.
I'm scanning my customers sites now using http://www.urlvoid.com/ ... so far so good. I try to check them every month or so, but it is time consuming.