Now that it's been a few months (since the second attack), I'll admit that when my WordPress blog was originally compromised over a year ago, I didn't know that I didn't completely fix it. I missed a back door, and a virtual storefront later appeared deep in my blog's hierarchy.
I wrote a script to find out which other websites were affected by the same attacker, and wrote an anonymous post about it, List Of Compromised Blogs.
I contacted most of the other victims, and got a lot of great responses. Most people were grateful to be informed of the issue and had it fixed.