My first advice would be to get rid of ftp. Just like telnet, ftp should not be used on a web or application server. ftp sends passwords as well as data unencrypted over the Internet. Use ftp over ssh2, as supported by Filezilla and WinSCP.
My second advice is to run a tight packet filter on the server to protect itself and disable all unused services.
A higher level defence against your website or application would be to use a web application firewall like mod_security.
If you want to be sure your server has not been cracked, tools like Tripwire or Aide will help.