I am recently running a web server, and there is a lot of information online, but it can all be a little confusing. I recently opened my logwatch logs and saw that i get attacked a lot by all sorts of bots.

Now I am interested in a list with things I definitely should be aware of nowadays, and possible ways to prevent them. I have read stories about server crashed by floods, crashed by email, and all sorts of crazy stuff.

Thing I already did:

• I have recently blocked all my ports, except for the http and email ports.

• I disabled IPv6, this was giving me a lot of named errors

• I have turned on spam DNS blackhole lists to fight spam
  - sbl.spamhaus.org;
  - zen.spamhaus.org;
  - b.barracudacentral.org;

• I installed and configured mod_security2 on apache

• There is no remote access possible to my databases

That is all i did so far, further I am not aware of any other threats. I want to know if the following things have to be protects.

• Can I be flooded by emails. How can i prevent this
• Can there be a break in or flood of my databses
• Are there things like http floods or whatever
• Are there any other things i should know before i go public with my server

I also want to know if there is some kind of checklist with must-have security protections. I know the OWASP list for writing good web applications, is there something for configuring a server.