I would start out by choosing a very minimal Linux distribution. Install the minimal build of CentOS, Ubuntu Server, etc. Don't install a GUI or any unneeded packages. Install only the base and SSH. You can install what you need after that.
You could visit CIS (http://www.cisecurity.org/) and download a benchmark to use for hardening your Linux system. They have benchmarks that can be used for basic Linux hardening (most distributions are covered, and even if not, the same practices apply across the board). Then you can also run through the CIS benchmark for the Web server/DNS/etc. itself. Hardening doesn't solve your problems, but it does reduce your attack footprint, and then it is up to you to be vigilant on patching what you do have facing the internet. Use iptables or another host-based firewall to block off everything that should not be receiving traffic from the outside. Then I would use OSSEC (http://www.ossec.net/) to monitor for system changes, and monitor your logs. OSSEC is an excellent program and extremely useful.
At the end of the day, you'll learn a lot while applying the benchmarks (I advise creating a script to automate it for future servers), but it comes down to hardening, patching (OS, Server(s), and CMS), and monitoring.