Log into WHM and check the server security settings.
1. Check WHM >> Server Configuration >> Tweak Settings and disable the following options :
*Prevent users from parking/adding on common internet domains. (i.e. gmaill.com, hotmail.com)
*Allow cPanel users to reset their password via email
*Default catch-all/default address behavior for new accounts – fail
2. Then goto WHM >> Security >> Manage Wheel Group Users
* Remove all the users present in the “Manage Wheel Group Users” section except the root and your account from the wheel group.
3. Select WHM >> Service Configuration >> FTP Configuration
*And Disable Anonymous FTP
4. Select WHM >> Account Functions >> Manage Shell Access
* Disable the Shell Access for all the users if there is no need to enable it.
5. Select WHM >> SQL Services >> MySQL Root Password
Then change the root password for MySQL
Perform Quick Security Scan for Trojan Horses from your WHM >> Security in a week.
The last but not the least, important security for your server , when you are creating any new reseller account, Select WHM >> Resellers >> Reseller Center
Disable the “Allow Creation of Packages with Shell Access” and always enable “Prevent Accounts from being created with shell access” it will not allow third party to access your server without your permission.