We build sites and host them on our own cloud servers running cPanel. We've been doing this for a few years. We're getting more and more customers asking for full access to their site via FTP or SSH, and we're concerned about the security implications. Right now, we try to lock FTP access to a single directory - not the whole public_html. And, we never allow SSH access. We're running PHP 5.3 without suEXEC, suPHP, Suhosin, mod_security, or Ruid2. Is there a "best practice" guide to secure this type of "open" server?