These are from personal experience. I got hacked once; they used my server to send spam. I only realized when most of my users were not getting emails from my server. Most emails ended up in the spam box.
So what I did …
1. Change password – Let the system generate a funny alien password for you. Copy it and keep it someplace safe. The more alien it is to you, the harder for them …
2. Install a firewall – For WHM users, just use CSF. But be sure to study the configuration. This could take up another post to explain…. heeee. Anyway, it has security checks and recommendations.
3. Activate cPHulk – For WHM you need to activate this. It will protect you from brute force attacks. Hackers will take some time and a lot of trial-and-error to ‘guess’ your passwords. By activating the brute force prevention you can block their IP after the first few attempts and unblock it the next hour, next day or next week.
4. Use IMAP and SMTP Auth – Forget about normal POP3 using port 21. Use authentic SSL. There’s a setting in the WHM Tweak to “verify sender” first before processing the emails any further. Make sure it’s ON. This will prevent the hackers from collecting or guessing a valid mail username. (Once they get the username, the next step is guessing your password.) Instead of giving “No such user here”, bouncing the email and letting them guess another username, you might as well check on them first, because usually all the emails are sent from an invalid source. Just disable your POP or SMTP if you’re not using it.
5. Activate ModSecurity – This is a strong defense, with a high false positive rate. You can download the basic rules from OWASP.
6. Check your code – Make sure no SQL injection can be done. Here’s a general idea of what can happen: https://www.youtube.com/watch?v=h-9rHTLHJTY
7. Check Directory Permission – chmod 777 is an all-time bad idea for running scripts. Use 755 with care. If you have an uploading application, make sure you scan and rename the files. Some applications go through image modules like ImageMagick just to make sure the file is secure.
8. Disable Services – I don’t know about you, but I don’t use Mailing List. So I disable MailMan in WHM. Same goes for Antirelayd, Entropy Chat … etc. I even disable the FTP, and only enable it when using it. heee ..
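
For step 7, one way to find and tighten 777-style permissions under a web root. This is an added example, not part of the original post; it assumes GNU find and stat (as on the Linux systems WHM runs on), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable paths such as
# chmod 777 directories, then tighten them.
# Assumption: GNU find and stat are available.

# Print "MODE OWNER PATH" for every directory or regular file that any
# local user can write to. "-perm -0002" matches the world-write bit,
# so it catches 777 and 666 as well as odd modes like 757.
# Symlinks are not matched, and -xdev keeps the scan on one filesystem.
list_world_writable() {
    find "$1" -xdev \( -type d -o -type f \) -perm -0002 \
        -exec stat -c '%a %U %n' {} +
}

# Number of world-writable paths under the given root.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Strip write access for group and others: 777 becomes 755 and 666
# becomes 644, while the owner's bits are left alone. Without "apply"
# as the second argument this is a dry run that only prints the targets.
tighten_world_writable() {
    root=$1
    mode=${2:-dry-run}
    if [ "$mode" = "apply" ]; then
        find "$root" -xdev \( -type d -o -type f \) -perm -0002 \
            -exec chmod go-w {} +
    else
        list_world_writable "$root" | sed 's/^/would tighten: /'
    fi
}

# Stand-alone use: sh audit.sh /path/to/webroot [apply]
# The web root path is whatever you pass in; none is assumed here.
if [ "$#" -ge 1 ]; then
    echo "world-writable paths under $1: $(count_world_writable "$1")"
    tighten_world_writable "$1" "${2:-dry-run}"
fi
```

Run it as a dry run first and review the list: an application that only works because its directory is 777 will need its ownership fixed before the mode is tightened.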
And a few more things ..