We can secure Server from WHM by making following changes from WHM.
Tweak Settings :
Number (or all) of accounts to display per page in list accounts == 30
Disable : Allow users to park subdomains of the server’s hostname main domain
Disable : Allow users to Park/Addon Domains on top of domains owned by other users.
Disable : Allow users to Park/Addon Domains on top of domains owned by other users.
Disable : Allow resellers to create accounts with subdomains of the server’s hostname main domain
Disable : Allow Creation of Parked/Addon Domains that are not registered
Disable : When adding a new domain, automatically create A entries for the registered nameservers if they would be contained in the zone
Enable : Prevent users from parking/adding on common internet domain
Enable : Silently Discard all FormMail-clone requests with a bcc: header in the subject line
Set Default Mail to FAIL.
Disable : Track the origin of messages sent though the mail server by adding the X-Source headers.
The maximum each domain can send out per hour = 300
Prevent the user “nobody” from sending out mail to remote addresses : Disable should enabled on server with phpsuexec.
Disable : BoxTrapper Spam Trap
Disable : Add the mail. prefix for mailman urls
Disable : Send passwords in plaintext over email when creating a new acccount
Disable : Awstats Reverse Dns Resolution
Disable : Analog
Disable : Allow users to update Awstats from cPanel
Number of days between processing log files and bandwidth usage = 1
Enable : Delete each domain’s access logs after stats run
The load average above the number of cpus at which logs file processing should be suspended = 10
Enable : Keep Stats Log between cPanel restarts
Disable : Allow Perl updates from RPM based linux vendors
Enable : Use jailshell as the default shell for all new accounts and modified accounts
Disable : Allow cPanel users to reset their password via email
Enable : Spamassasssin
Tweak Security :
Enable PHP open_basedir Protection.
Enable mod_userdir Protection.
Enable SMTP Tweak
Disable Compilers for unprivileged users.
