1. Do not disable safe_mode under php.ini. If customer requested t disable it, turn it off onĀ his account only. As most of the time attack is done using c99 php shell scripts. This c99 shell allows an attacker to hijack the php enable web server. In case safe_mode is off on server and there are public_html directory with 777 permission, any one can easily hack it.
2. Compile apache with safe mode as well.
3. In cpanel under Tweek Settings, turn on base_dir, if anyone requests to turn off, do it only on his account only. As using phpshell, one can easily move to main server directory like /etc and /home
4. Do not allow Anonymus Ftp on Server. You can turn it off from FTP Config under WHM Service Configuration. If its enabled, one can easily bind port using nc tool with your server and gain root access. So always keep it disabled.
5. Always make sure /tmp is secured. You can easily do that by running below command using ssh.
/script/securetmp
Make sure /tmp folder is secured, otherwise one can upload some kind of perl script in /tmp dir and can damage all data on the few/all accounts on your server.
6. You must check these inspite of other securities like firewall, rootkits detectors etc.
