Install a firewall.
Look into APF (It's a firewall plugin that makes configuration easier, and more dependable)
BFD (Brute Force Detection) by the same people as APF. It will detect multiple failed login attempts, and block the user's IP.
mod_dosevasive (will help to prevent httpd attacks)
mod_security (will protect your http server from various exploits, and will therefore increase server security)
DISABLE DIRECT ROOT ACCESS
^^^^^^ That one is a big one. By disabling direct root access, no user will be able to log into the server as root, unless they are ALREADY logged in as another user (you can specify which users should be permitted access in the ssh configurations). You'll want to read up on this, but trust me when I tell you it is one of the very first things to look at. In fact, you could even go deeper to only allow SSH access from your IP (assuming you're static) and your datacenter... this will assure almost no access to the SSH, and through that, make root access extremely difficult.
Enable password security features in Plesk. This will compare various passwords to a dictionary file of common words and make sure that the password is not going to be easily guessable.
Always use the latest possible versions of software. This includes forums (the latest PHP exploits targeted phpBB specifically).
Turn off wget. I don't care how, just do it. Make it owned by root and chmod it to 700, or rename it... I don't care, but make sure no one but you can use it.
Rootkit hunter. Find it. Use it.
Telnet is evil. KILL IT.
Here... a quick walkthrough... read through it, and it will help.
http://forum.ev1servers.net/showthread.php?s=&threadid=30333
The only thing I would not do in there (other than the cpanel thing) is delete admin. You don't want to do that, as admin is a user based in Plesk, and it will break your control panel... so leave admin alone.
Oh yeah... don't give shell access to anyone that you would also not give access to your house, car, wife, and wallet.
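
An added example (not part of the original post) for the "disable direct root access" advice: a shell check that reads an sshd_config and reports the effective PermitRootLogin and AllowUsers settings. The sample configs, the user name alice and the address 203.0.113.10 are constructed; on a real server you would point audit_sshd at the actual sshd_config.

```shell
#!/bin/sh
# Added example. Config contents below are constructed samples.

# Print the effective global value of an sshd_config keyword: keywords are
# case-insensitive, the first value obtained wins, and anything after a
# "Match" line is conditional, so scanning stops there.
sshd_effective() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Report on the two settings from the post; return the number of findings.
audit_sshd() {
    fails=0
    root=$(sshd_effective PermitRootLogin "$1" | tr 'A-Z' 'a-z')
    users=$(sshd_effective AllowUsers "$1")
    case "$root" in
        no) echo "OK   PermitRootLogin no" ;;
        "") echo "FAIL PermitRootLogin not set, build default applies"; fails=$((fails + 1)) ;;
        *)  echo "FAIL PermitRootLogin $root"; fails=$((fails + 1)) ;;
    esac
    case " $users " in
        "  ") echo "FAIL AllowUsers not set, no user allow-list"; fails=$((fails + 1)) ;;
        *" root "*|*" root@"*) echo "FAIL AllowUsers lists root"; fails=$((fails + 1)) ;;
        *) echo "OK   AllowUsers $users" ;;
    esac
    return "$fails"
}

# Constructed samples: "weak" shows that a later "PermitRootLogin no" does
# not override an earlier "yes"; "hardened" pins one user to one source IP.
write_samples() {
    cat > "$1/weak" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
    cat > "$1/hardened" <<'EOF'
permitrootlogin no
AllowUsers alice@203.0.113.10
EOF
}

d=$(mktemp -d) && write_samples "$d"
for f in weak hardened; do
    echo "== $f"; audit_sshd "$d/$f" || echo "   findings: $?"
done
rm -rf "$d"
```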