You can improve the security setting in WHM and linx through the following steps
1 Install mod_security with custom rules Install an Apache module that blocks hacking attempts attempted over the http protocol. Great at blocking SQL Injections and other hack attempts with custom LLH rules. Try running a command on our site using syntax that many hacks use. This command which would normally present the hacker with some form of control over your server is blocked and presents a 406 error message. Press the Alert icon to try it now!
2 Install root login email notifications Get an email from your server when someone logs into shell as root user
3 Install ClamAV with 280,000+ virus definitions Installs an open source antivirus scanner with daily updates.
4 Update Perl to latest version Update your server to use the latest Perl version available with cPanel.
5 Install Rkhunter and set cronjob Installs Rootkit Hunter on your server and runs a daily scan for rootkits.
6 Upgrade kernel to latest version Upgrade server kernel to the latest one available from Linux distro vendor
7 Update server with yum Update server with latest packages from distro vendor
8 Disable insecure and unneeded services Disables OS services that aren't need on a server
9 Disable anonymous FTP Disallow anonymous access to server's FTP
10 Update cPanel to latest Release version Update cPanel and set daily automatic updates for Release branch for latest in features and stability.
11 Disable insecure php functions Disable insecure php functions like system, exec, and many more from running on the server.
12 Enable open_basedir Prevents users from opening files outside of their directories with PHP.
13 Enable suexec Makes all CGI programs run under user ID of account owner
14 Force SSHv2 access only Change OpenSSH configuration so that only secure SSH version 2 connections can be made to the server. This disables Telnet and SSHv1.
15 Change SSH default port number Set port for SSH access to non-default number to prevent hacking attempts
16 Install and configure ConfigServer Security and Firewall Install a fully featured iptables-based firewall and configure it for maximum security. This included Login Failure daemon to block repeated login failure hacking attempts.
17 Set server to drop connections from IPs based on Spamhaus and DShield DROP lists. Server will block all connections from IPs in the block lists of Spamhaus and DShield DROP lists at the firewall.
18 Extend exim logging Extend the details exim logs to help catch spamming
19 Prevent users from parking/adding on common internet domains Unless you're hosting Google.com, this will keep common domains from being put on your server.
20 Disable compilers Disable compilers for unprivileged
21 Set maximum emails sent per hour Allow only 5000 emails to be sent per hour from your server (or some other specified number)
22 Enable mod_userdir Protection Disables the Apache feature that allows the bypassing of server's bandwidth measuring feature for accounts
23 Modify maximum resources Apache can use Set RLimitMEM and RLimitCPU to prevent runaway scripts from using too many resources (as often happens in DoS attacks.)
24 Set root forwarder Ensure that critical server emails are being delivered to server admin
25 Enable Shell Fork Bomb Protection Keeps users logged into ssh from using excess resources causing a DoS attack.
26 Enable Background Process Killer Searches for an kills bad background processes like ircd, bnc, and eggdrop amongst others.
27 Check and secure various tmp objects Check /tmp, /usr/tmp, and /var/tmp for correct permissions and ownership
28 Set correct server runlevel Set server so that it starts in a secure multi-user environment.
29 Install ConfigServer Explorer Installs a file system explorer in WHM with many useful features.
30 Install ConfigServer Main Queues Installs a visual interface to interacting with the exim mail queue.
31 Install ConfigServer Mail Manage Allows the editing view and management of client email accounts and quotas from within WHM without having to log into their cPanel account
32 Update Apache to latest version of 2.2 This version provides many security, performance, and feature benefits over the older 2.0 and 1.3 versions
33 Update PHP to latest version of 5.2. Provides many new features and performance improvements over 4.x and security benefits over other 5.x versions.
34 Install Zend Optimizer, Ioncube Loaders, and SourceGuardian Loaders Enables the loading of of Zend, Ioncube, and SourceGuardian protected scripts.
35 Install Suhosin SuHosin protects servers and users from known and unknown flaws in PHP applications and the PHP core.
36 Install and enable suPHP suPHP is a tool for executing PHP scripts with the permissions of their owners. Runs PHP scripts under the user's account instead of the universal and insecure 'nobody' user. Click on the Alert icon to read our help file for customer who are having issues caused by suPHP.
37 Install EAccelerator eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache.
38 Add PHP Mail Header Patch PHP Mail Header Patch allows spam (and all mail) sent via PHP's mail() to be sent with a header line that tracks where it came from.
39 Enable IP spoofing protection Prevents IP spoofing and DNS poisoning
40 Two Weeks of free Limitless Security Service related tickets