Baseless fear mongering. I've had webservers raw-dogging the Internet for about 25 years. Nothing of any consequence has happened. Hasn't happened to anyone I know, either. Anecdata yes, but people are making it sound like running a webserver is like connecting a Windows XP machine to the internet - instant pwnage. It isn't.

I've been DDoS'ed exactly once. In 2003 I got into a pointless internet argument on IRC, and my home connection got hammered, which of course made me lose the argument by default. I activated my backup ISDN, so my Diablo 2 game was barely interrupted.