My server got hacked in February. I don't know how the intruders got in. I have learned a few things in the process of cleaning things up. First, keep Debian updated with the latest stable release. I was running version 4.0, which didn't benefit from security updates anymore.
Next, you'll want to install the following packages and configure them so that you get daily e-mails:
rkhunter chkrootkit aide logwatch
The first two are rootkit detectors and will alert you if you get infected. The aide tool reports all changed files, and logwatch sends the interesting parts of the logs.
On top of this, you should run the following script every day with cron:
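    #!/bin/sh
    # Refresh the package lists and install pending updates quietly.
    apt-get -y update > /dev/null 2>&1
    apt-get -y upgrade > /dev/null 2>&1
    # List installed package files whose checksum no longer matches.
    debsums 2> /dev/null | grep FAILED
    # Show current network connections.
    netstat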
The script installs the latest security updates from Debian. Debsums showed me that my sshd was compromised, so it's a good idea too. Running netstat showed me that people were accessing my server via IRC.
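The daily script prints every FAILED line and the whole netstat table. As an added example (not the author's script), the functions below reduce both outputs to what needs attention: modified package files and listening TCP ports outside an allowlist. The function names, the allowlist of ports 22 and 25, and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report only what needs attention from debsums and netstat.

# Print the path of every file debsums marks FAILED (debsums output on stdin).
failed_files() {
    awk '$NF == "FAILED" { sub(/[ \t]+FAILED$/, ""); print }'
}

# Print listening TCP sockets whose port is not in the allowlist.
# stdin: output of `netstat -tln`; arguments: allowed port numbers.
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # keep the text after the last colon
            if (!(port in ok)) print $4
        }'
}

# Constructed sample input (not taken from a real host).
SAMPLE_DEBSUMS='/bin/ls                                                      OK
/usr/sbin/sshd                                               FAILED
/usr/bin/ssh                                                 OK'

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

# Build the report from the samples; empty output means nothing to mail.
daily_report() {
    f=$(printf '%s\n' "$SAMPLE_DEBSUMS" | failed_files)
    l=$(printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners 22 25)
    [ -n "$f" ] && printf 'Modified package files:\n%s\n' "$f"
    [ -n "$l" ] && printf 'Unexpected listeners:\n%s\n' "$l"
    return 0
}

daily_report
```

In the cron job, feed the functions real output instead of the samples: `debsums 2>/dev/null | failed_files` and `netstat -tln | unexpected_listeners 22 25`. debsums compares files against checksums stored on the same machine, so an intruder with root access can alter them as well.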
Linux is not as safe as advertised. Keep up to date!