Some idiot used some code injection thing to use my site to send a ton of spam (some Chase phishing). After maxing out my outgoing limit, my host automatically bounced the rest back to me. ~3000 came back! What a mess.
I've updated PHP and applied some Geeklog security updates, so I hope that takes care of it. I'm sorry if any of those might have hit any regulars to my site (it would be pure coincidence). No information seems to have been compromised, not that I have anything usable to anyone, my site was just used as a relay of sorts.