A simple solution I have seen...
-Build the Web Server with the the Home page, sub-pages, and a few other bits on top of NetBSD (smallest footprint / attack surface)
-have all the "Breaking News" / new content stuff on a flash drive and referenced by the page
-write a script that will copy the entire thing to a RAMdrive and search for updated data on the Flash drive every 5 minutes or so
-Remove all users except root / Service account for webserver, set the both passwords to some incomprehensibly long series of digits and numbers (256 character should do it)
-Wrap this up on a Live DVD using a different set of password for each
-Website will run very quickly (being from RAM and all)
-if it gets hacked:
1) swap the DVD with one of a different Password
2)reboot server
3)???
4)Profit!
-Flash drives are cheap, so if a machine gets hacked, just throw out the old drive. Or even use CD-Rs
-Since the machine has no need for a hard disk, there is less chance of hardware going bad
-Possibly have the machine get the RAMdisk image from a server on a private network, possibly scripting it so the Web cluster will refresh every 12 or so hours
-Can be run a system with very low specs (some old SunSparcs will do nicely, can usually get these pretty cheap, fairly small and use very little power, esp. without HDs)
Too many people try to add too much crap to their website which is how it gets hacked, you can run a decent website with this, use a basic SQL DB application if you need to and have the DB files copied to the CD / Flash drive. This solution should allow for almost all Website (This will support most content: JPEG, AniGIFs, CSS, PHP, Some flash)
Biting the hand that feeds IT
