I see so many compromised servers out there it’s not funny. Phishing sites, malware, whatever.
Many hacks are avoidable if people update the software on their web servers to the latest versions. And then apply good security practices.
PHP, Apache, IIS, whatever you’re running, update it religiously.
Suzi Turner writes a good post on the subject:
I've seen some statistics on phishing sites including estimates of how many of them were compromised sites. The stats indicate that most of the sites are running older versions of Apache, really old versions in a lot of cases, and a high percentage have PHP.