I’ve just seen a hack attack on a VPS server where the attack vector used a weakness of the PHP cgi connection to add a POST query string to a request which changed PHP settings and loaded and executed a mass-emailer script. I will not post the exploit (too easy for “script kiddies” to use) but you can save yourselves a lot of headaches if you use the SuPHP connector to PHP … and STRONG passwords (http://strongpasswordgenerator.com) help, too!
As a reminder, keep your programs up to date as the updates generally contain security patches as well as new features.
Regards,
DK