I supported mainly Windows servers. When ever there was a breech reported by a client it was always some old script that they had installed where a "hacker" or kiddie hacker basically uploaded a file browser and replaced the users index file. Only the account was effected and the server was not attacked.

In the one case where an actual server breech happened it was related to a vulnerability in the mail software where no fix was available at the time of the hack. For that case a complete reinstal and restore of data was done (minus the bad software).