The best principle of security is to not offer something to be broken into. That’s also the theory behind Host Access Control. Here, you can tune access permissions to the services on your server.
New for cPanel 11, Host Access Control allows you to specify what IPs you’d like to give access to specific services. For example, if you only have 5 users on a machine with shell access, limit sshd to connections from their IPs and you’ll have almost no chance of a malicious user getting in through ssh. The same can be said for other services as well.
It is important to note that the “Security is the inverse of convenience” statement definitely holds true here. You’ll need to be careful about what rules you add so you don’t lock yourself or your users out. You’ll also need to add new IPs each time more access is needed. That’s a small price to pay for locking your server down tight. Probably a lot less time than bringing back up a hacked box.
Host Access Control can be found in the Security Center in WHM for versions 11.0 and higher.