You don't really need to worry about attacks intended for windows servers, of course.
You should watch out for people trying to POST things to Your server, i.e. to /tmp or shared memory, especially if the server is not chrooted. (failed) buffer overflow attacks appears as very long strings of garbage in the access.log. You should be aware that a successful attack will include removing it's traces. :)
The best point for learning about possible angles of attack would be apache-specific mailing lists where You can get some insight from people that survived attacks.
for the very least, I always try to
- mount $TMPDIR (usually /tmp) noexec,nosuid,nodev
- chroot apache
- run apache on port 8080 only and ipforward 80->8080 (this means no part of apache has root permissions left
- of course run the most current apache version (2.0.53 today)
- have another non-apache webserver at hand in case there are unresolvable problems.
yesterday I stood at the edge. Today I'm one step ahead.
