Sunday, November 6, 2011

Hackers 'limited'

Hacking may be routine for the hacker, but it is a serious issue for corporations whose websites are the face of the company to the outside world. Corporate websites are also the point of sale for e-commerce applications.
US .gov websites are the most heavily targeted when it comes to hacking, but no one else is exempt. Many security-focused companies invest resources in ethical hacking to understand how a hacker thinks and to work out countermeasures.
With hosting service providers being the de facto standard for most SMEs' website needs, the customer is given partial or total control of the hosted environment, depending on the contract.
Consider a situation in which your house was burgled and you lost something priceless, such as an old photo album or a bottle of wine aged for 15 years, and of course the cash and expensive jewellery that were the main items of concern. You had been putting off installing a security system or getting a Rottweiler or Doberman to guard your home.
The analogy applies to a corporate website: if it gets hacked, it can lose priceless information as well as information with monetary value. On the priceless side, it could be a prospective partner trying to access your site for a potential tie-up; on the monetary side, source code or other internal assets. Denial of service is one side of the story, followed by revenue impact in the form of lost customers or angry users.
The following fundamental steps will help safeguard your website against a potential attacker. They are in addition to what you can verify with a threat modelling tool and checks for SQL injection and cross-site scripting, amongst other things.
1) Have a strong password policy. It should not be limited to special characters and a mix of upper and lower case; think of it as a passphrase. Avoid predictable values such as companyName123, companyName123$ or companyName~1. These are easy to crack.
2) Disable all unneeded services and ports, such as FTP and Telnet, as they could expose your site to data siphoning.
3) Have a CAPTCHA mechanism where the user is expected to fill in information, to defeat automated spam programs.
4) Have logic built into your code to identify suspicious IP addresses, or rely on a firewall mechanism from the service provider.
5) Make sure no executable links, or media files that call back to the server, are exposed through the browser's view-source option.
6) Optimise the code to ensure media files are not calling the server for content.
7) If using a Linux environment, make sure the upper limits for the number of processes and open files (numprocesses, numfiles) are set to a higher but realistic value.
8) Peer review the code, or use a code analysis tool.
These simple steps might let you avoid a burglary-like situation such as the one I described earlier!
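As an added example for step 1 (not code from the original post), here is a small Python policy check that rejects the predictable patterns the post names: it strips the digits and symbols bolted onto companyName123, companyName123$ and companyName~1, undoes common leet substitutions, and compares the remaining core word against a blocklist. The company name "acme" and the short word list are constructed placeholders; a real deployment would load a proper blocklist.

```python
import re

# Constructed sample: the site's own name plus a few dictionary words that
# cracking wordlists always contain. A real deployment would load a much
# larger blocklist (e.g. leaked-password lists) instead of this tuple.
FORBIDDEN_WORDS = ("acme", "companyname", "password", "welcome", "letmein")

# Common "leet" substitutions; cracking tools try these automatically, so
# they add no real strength and we undo them before comparing.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def core_token(candidate: str) -> str:
    """Reduce a password to the base word an attacker would guess:
    lowercase it, drop the digits/symbols on either end (the '123',
    '123$' and '~1' in the post's examples), then undo leet spelling."""
    lowered = candidate.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return stripped.translate(LEET)


def is_predictable(candidate: str, forbidden_words=FORBIDDEN_WORDS) -> bool:
    """True when the password is built around a word from the blocklist."""
    core = core_token(candidate)
    return any(word.lower() in core for word in forbidden_words if word)


def check_password(candidate: str, forbidden_words=FORBIDDEN_WORDS,
                   min_length=16) -> list:
    """Return the list of policy violations; an empty list means it passes.
    Length is the primary requirement (passphrases), not character classes."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"only {len(candidate)} characters; use a passphrase "
                        f"of at least {min_length}")
    if is_predictable(candidate, forbidden_words):
        problems.append("built around a predictable word (company name or "
                        "common password)")
    if len(set(candidate.lower())) < 5:
        problems.append("too few distinct characters")
    return problems


if __name__ == "__main__":
    for pw in ("companyName123", "companyName123$", "companyName~1",
               "P@ssw0rd2011!", "correct horse battery staple"):
        verdict = check_password(pw)
        print(f"{pw!r:32} -> {'OK' if not verdict else '; '.join(verdict)}")
```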
