> my discovering that the web site had been compromised was what got me digging
That is bad news.
> That's part of the reason I'm trying to fix it even though it isn't seriously broke... or at least still working.
Was the machine compromised or not?
> The fire-walling can change in a hurry, but closing exploits by moving to a more current version of Linux and all the other software on the machine is the major motivation here
I understand that you don't want to be responsible for a machine with known expoits. But if it has already been compromised, no upgrade is going to help.
> The other part is that the hardware, OS, and software are ancient and basically unmaintained. If the machine had an automated back-up system running, I'd be more comfortable with the risk of a hardware failure, but that isn't the case. (It will be on the new machine.)
If the data is irreplaceble, even a new machine requires (off site) backups.
> I try not to make a habit of forcing folk to new software, or even new versions of software, if it can be avoided. Experience has been a good teacher. wink
There is also the saying, "If a man is happy, you can only make him unhappy."