[CentOS] Update of CentOS 4.0 to 4.3 be serious

Wed Apr 12 17:29:35 UTC 2006
Mike Stankovic <mlists2006 at yahoo.com>

--- Barry Brimer <barry.brimer at bigfoot.com> wrote:

> 
> > The original poster has not told us why he is
> still on
> > 4.0
> 
> This system is still on 4.0 because I installed this
> system for someone a year
> ago.  Any time that there is an update that I think
> is important for him to
> install, I send him an email telling him to install
> a newer version to correct
> the current issue.  It seems that this person has
> not applied any updates
> whatsoever since I last touched the system, and I
> have informed him that it is
> quite dangerous to have his server live on the
> internet without updates for a
> year.  As far as the server it is providing
> web/email/ftp services, and this is
> his only server.  I am not close by to this server,
> but he is, and he can be
> hands and eyes (with rescue media) if needed. 
> Thanks to everyone for their
> input, it is greatly appreciated.
> 
> Barry
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 

That is very serious. You cannot expose an email, web
and ftp server on the internet without security
updates for a year. The recent sendmail security
update allows a remote root exploit !!

There is the possibility that phpbb/phpnuke/awstats
are installed/cracked by hackers. Get an admin (hire
one) to look at the server and advise you before you
proceed further.

It would not be surprising if the server has been
compromised and 

- on a blacklist/used to send spam
- servers and underground bot network
- is used to participate in DDOS attacks. You could
see the FBI knocking on the door of your friend.

__________________________________________________
Improve the mailing list by performing a simple search 
before posting and reading the faq/etiquette. 
Thank you!!

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com