[hackaflocka]

This would be a really really good idea.

However, in my experience (as an Apache noob), the Apache community consists of experts who are so far ahead of the noobs that they can't see the issue from the perspective of noobs.

When I configured my first web box, I couldn't believe that in 2 days it was hacked open and taken over (by some hackers in China apparently -- those guys are scary good). My host (DO) couldn't provide any advice / support on what exactly had happened. I reset everything and set it up again, and again, 2 days later, the box was completely taken over (again by peeps in cn).

Finally, I did a couple of tiny tweaks in how I logged in (I disabled root login, and configured SSH keys to log-in, and changed the log-in port), and I was never hacked again. If these 3 little tweaks could be made defaults, there'd be a whole lot less hacking going on.