LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 04-09-2005, 12:49 AM   #31
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47

Quote:
Originally posted by backroger
Before you say crap...think before you say anything.
I thought it through quite well thank you very much. RH73 had 135 advisories issued when they EOL'd it 20041231 ... That's One Hundred Thirty Five. 63% of those were exploitable remotely, and that doesn't count the 1.3 years that have passed since they completely stopped issuing fixes for it. The reality of the matter is, if no one's broken his system yet, it's simply because no one that can (and wants to) has found it. Your running around bragging about it will not increase his chances for survival...

Besides ... If your friend isn't all that savvy, he could be owned right now and not know it (assuming the intruder has brain one in his head).

Last edited by sigsegv; 04-09-2005 at 12:53 AM.
 
Old 04-09-2005, 01:27 AM   #32
backroger
Member
 
Registered: Dec 2004
Posts: 81

Rep: Reputation: 15
"Your running around bragging about it will not increase his chances for survival..."

I didn't "brag" the RH 7.3 unpatched survival....you said it was "crap" the RH 7.3 unpatched that existed would be hacked in a matter of minutes. That site existed for about 3 years.

I also didn't say that you don't have to patch any Linux box at your disposal...but "quoting me" that an unpatched Linux would not survive at all is "bullcrap".....you can say something pleasant like..."unlikely to survive" but not "bullcrap" or say anything like "I'll have to flag this story for the steaming pile of BS that it is ..."

Now that I give you proof...you're now labeling me "bragging"...

I don't want to expose the site to hackers....that site is a religious site...I'm a religious person also and believe in karma.

As I cited an example that a "low blow joe" installing Linux is less vulnerable than a "low blow joe" installing Windows XP. I have also cited that unpatched RH 7.3 as an example not to brag...but to show how a normal person is able to survive with the unpatched server. The one who maintained the site is a Priest...not a Linux Admin....but a simple Priest.

So please next time...stop using the word "crap" against anyone....unless you really know the truth or I'm just lying.

Last edited by backroger; 04-09-2005 at 01:39 AM.
 
Old 04-09-2005, 01:50 AM   #33
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
>> I didn't "brag" the RH 7.3 unpatched survival....you said it was
>> "crap" the RH 7.3 unpatched that existed would be hacked in a matter of
>> minutes. That site existed for about 3 years.

Your comment of "RH 7.3 unpatched/not upgraded for almost 4 years and currently, he doesn't have a single problem and currently online" is what prompted my use of the word crap, bullcrap, and BS. I stand by my original position.

>> I don't want to expose the site to hackers....that site is a religious
>> site...I'm a religious person also and believe in karma.

I didn't suspect you did. I was just saying that giving out the URL for a 4 year exposed server in the security forum on a site where newbies come looking for security information (and crackers come looking for newbies to prey on) might not be the best idea ...

>> Now that I give you proof...you're now labeling me "bragging"...

A server answering an HTTP request doesn't mean it's not cracked every which way ...

>> The one who maintained the site is a Priest...not a Linux Admin....
>> but a simple Priest.

I understand that, but that doesn't make him impervious to the fact that his computer *IS* a "sitting duck".

>> So please next time...stop using the word "crap" against
>> anyone....unless you really know the truth or I'm just lying.

I'm not calling you a liar. I mean you no offense at all in fact. There's a difference between being intentionally untruthful (a liar, which was my initial impression) and being incorrect without knowing any better (which I now think is the situation).

The point of what I was saying is that stories about putting an unpatched install of pretty much anything on the net for 4 years and having it completely untouched are *HIGHLY* unlikely, and usually "bullcrap".

Last edited by sigsegv; 04-09-2005 at 01:53 AM.
 
Old 04-09-2005, 01:54 AM   #34
frob23
Senior Member
 
Registered: Jan 2004
Location: Roughly 29.467N / 81.206W
Distribution: OpenBSD, Debian, FreeBSD
Posts: 1,450

Rep: Reputation: 48
Quote:
Originally posted by backroger
I don't want to expose the site to hackers....that site is a religious site...I'm a religious person also and believe in karma.

As I cited an example that a "low blow joe" installing Linux is less vulnerable than a "low blow joe" installing Windows XP. I have also cited that unpatched RH 7.3 as an example not to brag...but to show how a normal person is able to survive with the unpatched server. The one who maintained the site is a Priest...not a Linux Admin....but a simple Priest.
Anything is possible but it doesn't "prove" anything. A person could eat nothing but fish and chips for a decade and have perfect cholesterol but that doesn't mean everyone should do it.

Have you talked to this person about migrating to a more modern distribution? As a safeguard against the 580+ vulnerabilities he is exposed to. The site doesn't look that involved... an update should have little (if any) noticeable impact on anyone looking at the site. Maybe a minute of downtime (if you had a spare computer -- longer if you didn't) and nothing would need to be lost.

It is only for a gain in security... I'm sure you could walk him through it (would probably be best if you were at hand to do it but that is not always possible).

Last edited by frob23; 04-09-2005 at 01:55 AM.
 
Old 04-09-2005, 02:18 AM   #35
backroger
Member
 
Registered: Dec 2004
Posts: 81

Rep: Reputation: 15
Yep...I talked with him last year....I informed him that the box is old and needs to be upgraded. It is an old P233MHz with 128MB RAM with 13GB of HD. He's waiting for an approval...you know how it is in a non-profit Institute. We're kinda hoping that the University will give (donate) a Pentium 3 class computer to him.

At any rate he was well informed since 2003 by the University Admins...but since he was not that keen on Linux Security...not that savvy in the world of computer hardware/software. He only knows how to create a web page...very simple fellow.

Quote:
Originally posted by frob23
Have you talked to this person about migrating to a more modern distribution? As a safeguard against the 580+ vulnerabilities he is exposed to. The site doesn't look that involved... an update should have little (if any) noticeable impact on anyone looking at the site. Maybe a minute of downtime (if you had a spare computer -- longer if you didn't) and nothing would need to be lost.

It is only for a gain in security... I'm sure you could walk him through it (would probably be best if you were at hand to do it but that is not always possible).
 
Old 04-09-2005, 12:47 PM   #36
chbin
Member
 
Registered: Mar 2005
Distribution: slackware-current
Posts: 379

Rep: Reputation: 31

Last edited by chbin; 04-09-2005 at 05:45 PM.
 
Old 04-09-2005, 04:25 PM   #37
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
Retracted in the interest of civility

Last edited by sigsegv; 04-09-2005 at 04:39 PM.
 
Old 04-09-2005, 04:38 PM   #38
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
//Moderator's note: Let's all try to keep this on track and avoid making it personal. Thanks
 
  


All times are GMT -5. The time now is 05:52 AM.
