Securing Linux Filesystem
Use the following filesystem mount options to protect the website:
noexec: Do not allow direct execution of any binaries on the mounted file system.
nosuid: Do not allow set-user-identifier or set-group-identifier bits to take effect.
nodev: Do not interpret character or block special devices on the file system.
Securing /tmp
Create a tmpmnt partition file (512 MB here), format it, and mount it on /tmp with secure options:
cd /var
# 524288 blocks of 1024 bytes = 512 MB backing file
dd if=/dev/zero of=tmpmnt bs=1024 count=524288
mkfs.ext3 -j /var/tmpmnt
# keep the current contents of /tmp so they can be restored onto the new mount
cp -Rp /tmp /tmp_backup
mount -o loop,noexec,nosuid,nodev /var/tmpmnt /tmp
# 1777, not 0777: the sticky bit stops users deleting each other's files in /tmp
chmod 1777 /tmp
# copy the backup back, including dotfiles (a bare * would skip them)
cp -Rp /tmp_backup/. /tmp/
echo "/var/tmpmnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab
# make /var/tmp share the hardened mount
rm -rf /var/tmp
ln -s /tmp /var/tmp
Securing all other filesystems
Here is an example /etc/fstab with noexec, nosuid and nodev applied to every filesystem that does not need to execute binaries:
/dev/sda2 / ext3 defaults 1 1
/var/tmpmnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0
LABEL=/home /home ext3 rw,noexec,nosuid,nodev 1 2
tmpfs /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/sda3 swap swap defaults 0 0
/dev/sda1 /mnt/sda1 ext3 rw,noexec,nosuid,nodev 1 2
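The mount options explained at the top of the page and the fstab example above are only useful if they are actually present on every mount that should have them. The following POSIX sh script is an added example, not part of the original page: it parses fstab-style lines (the same six-column layout /proc/mounts uses) and reports which of noexec, nosuid and nodev are missing for each mount point you name. The fstab text embedded in it is constructed for the example, with /home deliberately lacking noexec, and the function names are the example's own.

```shell
#!/bin/sh
# Added example: audit fstab / /proc/mounts lines for noexec,nosuid,nodev.
# SAMPLE_FSTAB is constructed for this example, not taken from a real host.
SAMPLE_FSTAB='/dev/sda2 / ext3 defaults 1 1
/var/tmpmnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0
LABEL=/home /home ext3 rw,nosuid,nodev 1 2
tmpfs /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
# /dev/sda1 /mnt/sda1 ext3 rw,noexec,nosuid,nodev 1 2'

# mount_opts <mountpoint> <fstab-or-/proc/mounts text>
# Prints the option field of the last non-comment line whose mount point matches,
# or an empty line when the mount point is not listed.
mount_opts() {
    printf '%s\n' "$2" |
        awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { opts = $4 } END { print opts }'
}

# missing_opts <mountpoint> <text>
# Prints the hardening options absent from that entry, space separated
# (empty when all three are present). Options are matched as whole words,
# so "nodev" does not satisfy a search for "noexec".
missing_opts() {
    opts=$(mount_opts "$1" "$2")
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# check_mount <mountpoint> <text>
# Returns 0 when the mount point is listed with all three options, 1 otherwise,
# printing a one-line verdict either way.
check_mount() {
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then
        echo "$1: no entry found"
        return 1
    fi
    missing=$(missing_opts "$1" "$2")
    if [ -n "$missing" ]; then
        echo "$1: missing $missing"
        return 1
    fi
    echo "$1: ok ($opts)"
    return 0
}

# audit <text> <mountpoint>...
# Checks every named mount point; returns 0 only when all of them pass.
audit() {
    text=$1
    shift
    rc=0
    for mp in "$@"; do
        check_mount "$mp" "$text" || rc=1
    done
    return $rc
}

# Usage against the constructed sample, then against the live system:
#   audit "$SAMPLE_FSTAB" /tmp /home /dev/shm
#   audit "$(cat /proc/mounts)" /tmp /home /dev/shm
```

Run it twice: once against /etc/fstab to catch entries that were never hardened, and once against /proc/mounts, which reflects what the kernel actually enforces right now (a remount or a mount typed by hand can differ from fstab). For /tmp on a loop file as set up above, the /proc/mounts line shows the loop device rather than /var/tmpmnt, but the mount point and option columns are the same, so the check still applies.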
Set the access permissions so that "other" users cannot read or write these directories:
chmod o-rw /
chmod o-rw /etc
chmod o-rw /home
chmod o-r /tmp (note: this causes problems for gdm)
Change the umask in /etc/bashrc to 077