Securing a new cPanel server, suExec, suPHP etc


Aug 2, 2008
I am a brand new web master and just got an unmanaged VPS with cPanel, so I've been struggling to get it secured to ensure the least chance of a compromise.

My server is only for me although I'll be hosting multiple sites on it under different users. After a lot of reading around here's my current setup :

Apache suExec and suPHP is enabled, along with open_basedir although it is kind of moot.
Folders are set to 755, and files are set to 644. All of them are owned by their owners and the corresponding group. MySQL root password set to something I've already forgotten.

I know this isn't a lot but I've been reading a lot and so far this is the best I could get, I'm still paranoid on how I can secure it more so that the important data on it doesn't get compromised. Can anyone share any tips? Also, what should the ideal permissions be for suExec and suPHP? Apart from isolation, do they offer any other advantage?