Normally I don't post news about specific website issues however this was a great example of why you need to protect your webserver from local networks threats as well as remote.
"Monday morning, Metasploit.com was temporarily hijacked using an attack on the local area network of Metasploit's hosting provider. Using what is technically known as ARP spoofing, the attacker was able to intercept visitors to Metasploit.com, and instead serve them up a page saying the site had been "hacked by sunwear ! just for fun. Users were then redirected to a Chinese forum with an image of the hack.
The Metasploit server itself wasn't compromised, according to Moore, who fairly quickly fixed the vulnerability by hard-coding the right route for the packets.
But since some 250 other servers are hosted on the same local area network at the service provider, they remain at risk, according to Moore."