As far as direct attacks on you server are concerned, attacks typically fall into one of the following categories:
In addition to protecting your site, you need to protect your users. It is all too easy for a poorly protected site to be used to host attacks on innocent users. Typical attacks include:
Fortunately, there is a lot of help and advice available. Click on the link for some starting points in securing your Web application.