Sometimes, servers can become compromised through no direct fault of the administrator. There exist what are known as zero-day exploits -- malicious code affecting a particular product or service which is circulated before the vendors or maintainers are even aware of the vulnerability.
Fortunately for us, this is relatively rare. The vast majority of server-level compromises are due to neglected services that haven't been patched to prevent old, well-known exploits. Once a system administrator is made aware of a weakness, he or she must assess the situation and take immediate action (even if that action is to decide that a patch isn't needed). There are situations in which a patch may be more trouble than it's worth; only you can determine how much you value your data.
Admittedly, it's not always easy to be made aware of security holes, particularly when it comes to less-common packages. That's why we've compiled a list of some helpful information sources:
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License