Make a habit of checking your servers' log files regularly for failed login attempts, so you can detect whether a server has been the target of a brute-force attack. Ban any IP address with multiple failed login attempts. You can also limit the number of login attempts a user may make. Do not allow multiple root users. Disable demo and guest accounts. Install a firewall, such as APF or TinyFirewall, on your servers.
To secure PHP, log into the shell and type the following to locate php.ini:

# php -i | grep php.ini

Then:
-- Turn on safe_mode
-- Replace "disable_functions = " with "disable_functions = dl,system,exec,passthru,shell_exec"
-- Replace "register_globals = On" with "register_globals = Off"
-- Run PHP through PHPsuexec. To recompile PHP with suexec on cPanel, use /scripts/easyapache.
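
As an added example (not part of the original tips), the shell functions below audit a php.ini against the three settings listed above and report what is still missing. The function names and the sample file are constructed for illustration; disable_functions is compared entry by entry, so a file that lists only shell_exec is not mistaken for one that also disables exec.

```shell
# Added example: audit a php.ini for the settings listed above.
# safe_mode and register_globals exist only in PHP releases before 5.4.
REQUIRED="dl system exec passthru shell_exec"

# ini_value FILE KEY: print the last uncommented value of KEY.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# missing_functions FILE: print required functions absent from disable_functions.
# Entries are matched whole, so "shell_exec" does not count as "exec".
missing_functions() {
    disabled=",$(ini_value "$1" disable_functions | tr -d '[:space:]'),"
    missing=""
    for f in $REQUIRED; do
        case "$disabled" in
            *",$f,"*) ;;
            *) missing="$missing $f" ;;
        esac
    done
    echo "${missing# }"
}

# is_on VALUE: true for the spellings PHP treats as an enabled boolean.
is_on() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        1|on|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_php_ini FILE: print findings; exit status is the number of findings.
audit_php_ini() {
    findings=0
    m=$(missing_functions "$1")
    if [ -n "$m" ]; then echo "FAIL disable_functions lacks: $m"; findings=$((findings + 1)); fi
    if is_on "$(ini_value "$1" register_globals)"; then echo "FAIL register_globals is On"; findings=$((findings + 1)); fi
    if ! is_on "$(ini_value "$1" safe_mode)"; then echo "FAIL safe_mode is not On"; findings=$((findings + 1)); fi
    return "$findings"
}

# Constructed sample file, not taken from a real server.
sample=$(mktemp)
printf '%s\n' ';disable_functions = dl,system,exec,passthru,shell_exec' \
    'disable_functions = dl, system, shell_exec ; exec, passthru still enabled' \
    'register_globals = On' 'safe_mode = Off' > "$sample"
audit_php_ini "$sample" || echo "findings: $?"
rm -f "$sample"
```

To check a real server, pass audit_php_ini the php.ini path reported by the php -i command above.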