If I identify an anonymous attempt to hack my servers is there an appropriate response? Or is it a case of look at what they were attempting and make sure we're covered against it and similar attacks?
Cheers,
Robin
The appropriate answer depends on a lot of things.
First, it's important to realize that the vast majority of attacks against servers are not performed directly by a malicious "hacker", but by a compromised machine. Your response should be to use the DNS whois info about the source to get word to the owners of that IP that there are attacks coming from their network. Most likely they either have a compromised machine or a malicious user, and either way they will take care of it internally.
Second, analyze the attacks and ensure that you've taken appropriate measures to guard against them.
You must be new to network security.
I can't even count the number of times our servers receive hacking attempts per day. It's basically a normal part of incoming traffic on the internet these days. Not only can you expect this traffic to be coming from compromised home computers, but you can expect entire networks of them working together just like SETI@Home, except bigger, and on an involuntary basis.
I'd say the vast majority of these "botnets" are used to send spam and run scams, the volume of which is entirely overwhelming.
The appropriate response is to make sure that you're not vulnerable (which is more than likely if you can actually detect the attacks), and if at all possible, restrict access to only a few IPs of those people who are allowed to have access in the first place.
Yes, certainly do this.
Whether you choose to report such unsuccessful attempts really depends upon how much time you have on your hands. The accepted convention is for network operators to operate an abuse@ address on their domain and detail this, plus any procedural information, within the inetnum entry of their RIR for any address ranges for which they are responsible. You can retrieve this information from the relevant RIR by performing a whois against the would-be attacker's IP address. Don't trust the reverse-DNS of the IP because it can be easily spoofed to an unrelated domain or hostname.

The reality is that most attempts will be generated by distributed and automated utilities operating from networks which simply won't follow up abuse reports. If you're feeling particularly vigilant then you can send reports. But chances are, unless the IP resolves to a well known organisation, your time would be better off spent protecting yourself.
Your response depends a lot on the vector they were using. For example, I had a VM on Rackspace Cloud that was being constantly hit with SSH attempts. So, I added some IPTables rules to only allow SSH from my IP's. Now, if the vector was web serving that you want everyone to see, obviously restricting it would not be the answer.
Find the abuse email address related to that IP and send an email warning that there are attacks. Provide logs. You can use `whois` to get information about an IP/domain.
You need to audit any change to your files, audit your code, and make sure you sanitize any inputs. You can limit the risks by running your HTTP server chrooted/jailed and/or using an IDS plugged into a monitor port of your switch.
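As an added example (not code from any of the answers above), here is a small Python script that ties together the SSH brute-force answer and the "provide logs to the abuse contact" answer: it parses sshd auth log lines, counts failed logins per source IP, drafts the plain-text abuse report you would send to the abuse@ contact found via `whois`, and emits the iptables allowlist rules for SSH. The log lines are constructed samples using documentation IP ranges, and the function names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd lines (syslog style); not taken from any real server.
SAMPLE_AUTH_LOG = """\
Mar  3 02:14:01 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 02:14:03 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 02:14:05 web1 sshd[2313]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 02:15:10 web1 sshd[2320]: Failed password for root from 198.51.100.23 port 40011 ssh2
Mar  3 02:16:42 web1 sshd[2330]: Accepted publickey for deploy from 192.0.2.10 port 53321 ssh2
Mar  3 02:17:00 web1 sshd[2341]: Invalid user oracle from 203.0.113.7 port 51200
"""

# Matches both "Failed password for ..." and "Invalid user ..." events and captures the source IPv4.
FAILED_RE = re.compile(r"sshd\[\d+\]: (?:Failed password for|Invalid user) .*?from (\d{1,3}(?:\.\d{1,3}){3})")

def failed_attempts(log_text):
    """Return {source_ip: [matching log lines]} for failed or invalid-user SSH logins."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            hits[m.group(1)].append(line)
    return dict(hits)

def offenders(log_text, allowlist=(), threshold=3):
    """Source IPs with at least `threshold` failures, excluding your own allowlisted addresses."""
    counts = Counter({ip: len(lines) for ip, lines in failed_attempts(log_text).items()})
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allowlist)

def abuse_report(log_text, ip, hostname="web1"):
    """Plain-text body for the abuse@ contact returned by `whois <ip>`, with the evidence lines attached."""
    lines = failed_attempts(log_text).get(ip, [])
    if not lines:
        return None  # nothing to report for this address
    first, last = lines[0].split(" sshd")[0], lines[-1].split(" sshd")[0]
    header = (f"Repeated failed SSH logins from {ip} against host {hostname}.\n"
              f"{len(lines)} events; first: {first}, last: {last}.\n"
              "Please check the host at this address for compromise. Log excerpt follows:\n\n")
    return header + "\n".join(lines) + "\n"

def iptables_allowlist(allowed_ips, port=22):
    """iptables commands (returned, not executed) restricting SSH to the given source addresses."""
    rules = [f"iptables -A INPUT -p tcp --dport {port} -s {ip} -j ACCEPT" for ip in allowed_ips]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules
```

Run `offenders(SAMPLE_AUTH_LOG)` to get the addresses worth reporting, then `abuse_report(...)` for each; the rule list from `iptables_allowlist` should be reviewed before being applied, since a wrong allowlist locks you out of your own box.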