know when something happens at your site
use the freeware tools at http://www.markwell.btinternet.co.uk/webmon/ to know exactly when something changes and if you have many pages and many sites, you just run them on a seperate computer doing only that
and yes you may be next......
also, keep an eye on the patches and vulnerabilities
security patches of the day
and by the way, why didn't you place a reverse proxy between the server (behind your firewall) and the internet, a reverse proxy is like a mirror and if you take a redhat or 2K3 server with the updates than your server is safe because the only thing a reverse proxy does is port 80, all the rest is blocked at the proxy level and at the firewall (if you have a good firewall with a good config and a good policy - tip if you have checkpoint, take their smartdefense it is so cool and defense when all rest fails).
some introductionary articles
it is afterwards very amusing to see all these attacks going on but against the wrong applications because you have changed the banners of the machines (people think they are windows while they are not or vice versa).
but remember your reverse proxy will be as safe as your patching and your closing down of services.