To begin with, most large commercial web hosts, on Linux platforms anyway, run their own version of Linux which is often a very far cry from an off the peg distro you or I could download and/or purchase. Most large hosts invest a lot of time and expertise in tweaking their platforms for reliability, security, speed, low comparative resource requirements and all kinds of other things.
I can think of a few dozen ways off the top of my head that someone could have bypassed a home-grown web server, and the fact that your MySQL, data and Apache docs folders were deleted points in certain directions and indicates specific lines of attack. I'm not going to openly discuss these methods in this or any other forum though, for obvious reasons.
Think about this for a moment: in the last couple of years, Google, Yahoo and Microsoft, to name but a few, have "enjoyed" being targetted by some spectacular hacks, many of which were specfically aimed at web servers and many of which were very, very successful. And you're asking how to secure a web server ?
This is probably going to be little more than irritating to you, but my one gem of advice is this: move all of your web hosting requirements to a dedicated web server run by a third party company as soon as possible. If you need an entire server then either rent a managed server or choose to manage your own. The basic nuts and bolts of security will still be dealt with in-house and all hardware responsibility is out of your hands.
This is from someone with a great deal of server management experience and despite this background, or perhaps because of it, I wouldn't dream of running my own web host.
Upgrading to UNIX will do one thing: it will require an entire new learning curve and you'll still be wide open to the same or similar attacks until you get your head well and truly around it.
I'm not sure if you understand this concept, but if you have dynamic languages enabled on your server, unless you lock things down in some very specific ways, it is pretty easy to write or modify a script which interacts with your server and pretty much opens it up like a book.
People hack servers for a number of reasons, but even large web hosts fall foul now and then. I'd bail out ASAP and move to a dedicated web host yesterday, or sooner if you can arrange it.
The short answer to your "how can I prevent this in future ?" question is this: you can't.