>>648199527one can scan ports in order to find open services (apache, ssh, ftp,..) and eventually found a vulnerable service, launch an exploit on it, and then gain access on the server.
Even if there is no security problem with the website or apache itself, a server can still be attacked