I read that once and I thought "What client is he using other than a browser" then I go it
. I'm going to start with the easiest to answer question, how permanent it is. Unless the site constantly changes a backup stored on a separate hard disk or USB should suffice to get it back up, this way you will know it is vulnerable and can take measures. If my memory serves me correctly apache is notorious for DOS vulnerabilities, a new one was found recently here
and Thetan wrote a great article on an attack where the attacker just needs to hold a connection open and the server will eventually crash.
So a DOS (not even a DDOS is needed) attack is quite possible, I know nginx doesn't have these vulnerabilities - if you are paranoid you might want to swap (it's free why not
As for the threat of defacement if your passwords to any open ports are secure then it should be fine provided there are no exploits in the server, a quick search on exploit DB shows nothing of interest but maybe someone else can explain
show me up...