Quoting Mike Stankovic <mlists2006 at yahoo.com>: > --- Barry Brimer <barry.brimer at bigfoot.com> wrote: > > > > > > The original poster has not told us why he is > > still on > > > 4.0 > > > > This system is still on 4.0 because I installed this > > system for someone a year > > ago. Any time that there is an update that I think > > is important for him to > > install, I send him an email telling him to install > > a newer version to correct > > the current issue. It seems that this person has > > not applied any updates > > whatsoever since I last touched the system, and I > > have informed him that it is > > quite dangerous to have his server live on the > > internet without updates for a > > year. As far as the server it is providing > > web/email/ftp services, and this is > > his only server. I am not close by to this server, > > but he is, and he can be > > hands and eyes (with rescue media) if needed. > > Thanks to everyone for their > > input, it is greatly appreciated. > > > > Barry > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > That is very serious. You cannot expose an email, web > and ftp server on the internet without security > updates for a year. The recent sendmail security > update allows a remote root exploit !! > > There is the possibility that phpbb/phpnuke/awstats > are installed/cracked by hackers. Get an admin (hire > one) to look at the server and advise you before you > proceed further. > > It would not be surprising if the server has been > compromised and > > - on a blacklist/used to send spam > - servers and underground bot network > - is used to participate in DDOS attacks. You could > see the FBI knocking on the door of your friend. I am an admin. I have not exposed any IP addresses, domain names, client names, or anything else. I do know how serious the problem is. I was hired to set this system up, and no more. I gave the usual lecture on updates and security. He has not maintained it, so now I am being hired (again) to get the system up to date. Part of this will be to hunt for rootkits, perform RPM verification, etc.