> theres lots of vulnerable Linux servers out there, managed by poorly > skilled admins - mainly teenagers playing around - ... IMHO > attacking a linux server is more convenient than a windows server After setting up a secure Apache (irrespective of the distribution) a lot of admins go get a "php-this" or "php-that" web program from a repository. Unfortunately, they don't ask the question of how this thing will be automagically updated each time a vulnerability is fixed, so the program never gets updated. Those programs get a lot of security updates (don't believe me? see http://www.securityfocus.com/bid and query your favorite php program). Look in your /var/log/httpd/error.log and you will probably see several hundred attempts to break into various php scripts. OT, a famous and recent example is the group in Canada who was busted for cracking web contact forms and sending out truly massive amounts of spam. Their technique required the mental acumen of a 5th grader in my estimate, but worked because of an abundance of really poorly written web contact scripts which never got updated. If the cracked script runs with sufficient authority to add a web page, the phishers job becomes trivial. The solution is for maintainers to make sure that they can notify their customers each time a security fix is made. This can be done in the script or by mandatory registration before a download. Yum repositories and the equivalent for other distros should be helpful in solving this problem.
