Login into WHM and check the following steps one by one for server security:
1. Go to WHM >> Server Configuration >> Tweak Settings and disable the following options :
Prevent users from parking/adding on common internet domains. (i.e. hotmail.com, aol.com)
Allow cPanel users to reset their password via email.
Default catch-all/default address behavior for new accounts – fail.
2. Then go to WHM >> Security >> Manage Wheel Group Users
Remove all the users present in the “Manage Wheel Group Users” section except the root and your account from the wheel group.
3. Select WHM >> Service Configuration >> FTP Configuration and Disable Anonymous FTP.
4. Select WHM >> Account Functions >> Manage Shell Access
Disable the Shell Access for all the users if there is no need to enable it.
5. Select WHM >> SQL Services >> MySQL Root Password
Then change the root password for MySQL .
6. Perform Quick Security Scan for Trojan Horses within WHM once in a week.
7. At the last, when you are creating any new reseller account, Select WHM >> Resellers >> Reseller Center.
Disable the “Allow Creation of Packages with Shell Access” and always enable “Prevent Accounts from being created with shell access” it will not allow third party to access your server without your permission.
Previously we have talk about how to modify Tweak settings from shell.It can be helpful for those who are using non WHM versions.