A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter.
Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.
I'd highly suggest getting someone to harden it for you if this is a production environment, as asking on a forum is generally a good indication that you don't know how
Keep in mind hardening isn't a fire and forget thing - you need to update these things regularly. Whenever there is a security hole - patches are released fairly quickly - you need to keep on top of such things.
First of all - change your SSH port, disable services that you don't use, install all package updates, install and configure Fail2Ban, it will help you to prevent brute force attacks, analyze your web server logs on a regular basis to detect and to suppress suspicious activities.
My 2 cents:-
- Stop unwanted network services from startup
- Allow set of ips in firewall for ssh or run ssh on different port with set of ips allowed. You ISP network range /16 or /24
- Configure OUTPUT firewall chain, to only allow ESTABLISHED state traffic. Log & drop other requests. Make sure you dont lock yourself out
- grsecurity definitely helps in memory overflow exploits
- Check for overlayfs kernel module. Disable the module, if running. I recollect it is vulnerable
- Disable ssh root login. Login as normal user(UID>500/1000). Sudo to root with password
- You can checkout Duo security 2FA for ssh login
- Make sure you keep all your applications updated regularly
- Ensure that your CMS is updated regularly
- If using wordpress, consider using plugins like wordfence, succuri, 6scan, All in One WP Security & Firewall
A good start is installing and configuring CSF - ConfigServer Security & Firewall. Configure cPHulk Brute Force Protection. Rootkit hunter. Changing SSH port is also another good thing. Making sure the root password is long and obscure. Securing Apache, hardening PHP... the list goes on.
php.ini & disabled functions
Edit php.ini like this:
safe_mode = On
expose_php = Off
magic_quotes = On
register_globals = off
display errors = off
disable_functions = system, show_source, symlink, exec, dl,
shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd
Then restart Apache
service httpd restart
Or you can edit php.ini via WHM:
WHM Service Configuration PHP Configuration Editor
Everyone has made some excellent technical points. If you are unmanaged and the provider will not help with this your simplest solution is just use a good firewall like CSF or as your server has cPanel turn on cpHulk. Just taking these simple measures will help in hardening your system. Many attacks these days come from sql injection or other web based exploit.
These steps will keep you safe from brute force login attacks.
I would also suggest a malware scanner such Maldet, malware can do all sorts of nasty things compromising your system from the inside out.
Start with making sure iptables is running well and then aadd interface like CSF. If you are not linux savvy their interface will make great suggestions as to improvements you can make in order to make your server more secure. Also take a quick look at cPanel Security Advisory option in WHM. Make sure before you do any changes that you read up on what each change does, and that you are not blocking any type of functionality that will later affect the performance or usability of your website. After that you can search for many guides on the web that will provide you with more extensive information as to setting up something like MailScanner with ClamAV and other solutions to cover aspects such as incoming/outgoing emails and uploaded files to the servers.