Read the logs of your router.
There will be an endless list of attempts to connect/start a raft of applications like Apache, Webmin, PHP, MySQL, etc. These attempts usually try combinations of default username and password, often appearing to originate from IP addresses owned by companies like Microsoft, PCWorld, Argos, BBC. Which then end up being blocked by my router's IP blacklist, with the expected result.
Sooner or later these attempts find a mark in the "low hanging fruit" department and they are in with privileges.
I've been running Apache on Win2K for years now, and as far as I know, none of the site pages have been compromised, ..... so far. However, I'm no expert and I half expect a proper "expert" to get in touch with me to tell me the awful news.
I stayed away from LAMP precisely 'cos I could not be certain that all the apps were sufficiently tied down so as not to be a liability, or be a vulnerability. My lack of LINUX knowledge saved me ?
However, if Microsoft et al, are having these difficulties when they have all those highly trained IT staff, what chances do the rest of us have of staying sharp and our servers germ free ?
I hope those loony Linux fanciers are reading this article.