WordPress has just announced that comment forms can allow hackers to hack your admin page to redirect to hacker’s desired pages, please update to version 2.8.2 so you are no more vulnerable to this hack.
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.