When you ping a website, your computer is sending ICMP Echo Packets, it is up to the computer (or device) that receive these "Echo Requests" to respond. Unlike TCP or UDP which specify a virtual "port" which is really just some number that computers use to help distinguish one packet (piece of network data) from another. So even if a computer has no ports "open" (which is really just a simple way of saying they respond to a TCP SYN request) they can still reply to an ICMP Echo or "ping". Hope this helps... For more information I suggest you read the IP, TCP, and ICMP rfcs.
Notice its 791, 792, 793... they're all very closely related which is why its easy to confuse their inner workings.
As for secure webservers, try using the latest "Stable" version of Apache. Its a free open source web server and its pretty much what everyone uses. Up to date software is an important factor in security. Once you read those RFCs and get a better understanding for the way the internet works, you may go on to read about firewalls, and how they can help you to secure your websites.