They dayton server is running Apache 2.2.16 I had a friend that took a cursory look at hacking my site and wrote me the following
"...if you look at Apache's website it identifies three security holes with 2.2.16 (the version your server runs) which were fixed in 2.2.17. That's not to say there's any way to get your server to read an XML file from an untrusted source, but it was way too easy for me to find that. I could do the same thing with mod_ssl, OpenSSL, mod_auth_passthrough, and all the other software which is listed. The disclosure issue can be easily fixed with a one-line config change. I don't have the option memorized, but I know you want is set to "Prod" (it's probably in /etc/apache2/conf.d/security.conf). Also, update to Apache 2.2.17 and check all the other software listed there to make sure it's the most up-to-date..."
Is there an plan to update Apache on TCH servers?