There is no reason to "worry", "think" or "guess": accounts can be checked, log files can be filtered for anomalies, settings can be verified and conditions can be tested to unambiguously conclude something is safe or not (Samhain, Logwatch, GNU/Tiger, OpenVAS). Using strong passwords should be a given anyway, and brute force attacks are not all that Linux is susceptible to. See for instance the information disclosure vuln in PHP (CVE-2012-1823), TimThumb (OSVDB 71878), which was disclosed on 2010-09-08, fixed on 2010-09-08 but still hits careless users to this day, or CVE-2012-1190, which is a cross-site scripting (XSS) vulnerability in a long line of cross-site scripting vulnerabilities affecting phpMyAdmin, or the Apt-specific InRelease file vulnerability (USN-1385-1). So in the case of web stack application and other service vulnerabilities, having strong passwords is not what prevents unwanted malicious activity.
The better approach would have been to have gone over securing and hardening before exposing the server. I'll point you to the security sticky http://ubuntuforums.org/showthread.php?t=510812, the wiki https://wiki.ubuntu.com/BasicSecurity and one of the oldest security manuals around that still gives you a good overview of things: http://www.debian.org/doc/manuals/se.../index.en.html. Please note 0) hardening a machine also means testing applied measures (using say OpenVAS or Nessus) and 1) learning that applying measures isn't a one-off: you'll have to audit the machine regularly and adjust when necessary.
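An added illustration of "accounts can be checked, log files can be filtered" from the post above (not part of the original post and not taken from any of the tools it names): two small checks that give a yes/no answer instead of a guess. The function names and all sample data are constructed; the file formats assumed are passwd(5), shadow(5) and OpenSSH syslog lines.

```shell
#!/bin/sh
# Added example; function names and all sample data below are constructed.

# One finding per line for a passwd(5)/shadow(5) pair.
audit_accounts() {
    # Any account other than root with UID 0 has full root privileges.
    awk -F: '$3 == 0 && $1 != "root" { print "UID0 " $1 }' "$1"
    # An empty second field in shadow means no password is required.
    awk -F: '$2 == "" { print "EMPTYPW " $1 }' "$2"
    # System accounts (UID 1-999 on Ubuntu) rarely need an interactive shell.
    awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /(nologin|false|sync)$/ { print "SHELL " $1 }' "$1"
}

# "count ip" for every source with at least $2 failed SSH password logins.
failed_logins() {
    awk -v min="$2" '/sshd\[[0-9]+\]: Failed password/ {
        for (i = NF - 1; i > 0; i--) if ($i == "from") { n[$(i + 1)]++; break }
    } END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' "$1" | sort -rn
}

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
toor:x:0:0::/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:!:15400:0:99999:7:::
daemon:*:15400:0:99999:7:::
www-data:*:15400:0:99999:7:::
toor::15400:0:99999:7:::
alice:$6$constructed$notarealhash:15400:0:99999:7:::
EOF
    cat > "$1/auth.log" <<'EOF'
Mar  3 10:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:05 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Mar  3 10:01:00 host sshd[104]: Failed password for alice from 198.51.100.9 port 5000 ssh2
Mar  3 10:01:09 host sshd[105]: Accepted password for alice from 198.51.100.9 port 5001 ssh2
EOF
}

d=$(mktemp -d) && make_samples "$d"
audit_accounts "$d/passwd" "$d/shadow"
failed_logins "$d/auth.log" 3
rm -rf "$d"
```

On a live system the same functions take /etc/passwd, /etc/shadow and /var/log/auth.log as arguments and need root to read the shadow file.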