Quoting Mike Stankovic mlists2006@yahoo.com:
--- Barry Brimer barry.brimer@bigfoot.com wrote:
The original poster has not told us why he is
still on
4.0
This system is still on 4.0 because I installed this system for someone a year ago. Any time that there is an update that I think is important for him to install, I send him an email telling him to install a newer version to correct the current issue. It seems that this person has not applied any updates whatsoever since I last touched the system, and I have informed him that it is quite dangerous to have his server live on the internet without updates for a year. As far as the server it is providing web/email/ftp services, and this is his only server. I am not close by to this server, but he is, and he can be hands and eyes (with rescue media) if needed. Thanks to everyone for their input, it is greatly appreciated.
Barry _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
That is very serious. You cannot expose an email, web and ftp server on the internet without security updates for a year. The recent sendmail security update allows a remote root exploit !!
There is the possibility that phpbb/phpnuke/awstats are installed/cracked by hackers. Get an admin (hire one) to look at the server and advise you before you proceed further.
It would not be surprising if the server has been compromised and
- on a blacklist/used to send spam
- servers and underground bot network
- is used to participate in DDOS attacks. You could
see the FBI knocking on the door of your friend.
I am an admin. I have not exposed any IP addresses, domain names, client names, or anything else. I do know how serious the problem is. I was hired to set this system up, and no more. I gave the usual lecture on updates and security. He has not maintained it, so now I am being hired (again) to get the system up to date. Part of this will be to hunt for rootkits, perform RPM verification, etc.