Hi guys, I don't host with Surpass anymore due to a requirement to be based in the UK, because of this I had to go unmanaged to get a decent price, its like being put in the middle of a swimming pool and not being able to swim. Anyway i have learnt a lot since september and have a few recommendations.
Don't use apf/bfd, use csf/lfd
http://www.configserver.com/cp/csf.html
Brilliant system that integrates straight into your whm, and runs security audits on your site telling you how secure everything is (i can post screenys if people want). The customization and user friendliness is second to one and the alerts when someone gets blocked for certain things are brilliant.
Anyway definately recommend that.
Also a few other little programs that configserver offer (i have to love these guys as they are all free)
http://www.configserver.com/cp/cse.html - allows you to do ssh commands through whm, brilliant and saves time
http://www.configserver.com/cp/cmm.html - gives you control of all email accounts on the whole server in one place.
there are a few other things he does but cost and i dont want to sound like im spamming for them, found all about this on the cpanel forums, its definately useful to register there if you own your own server.
Anyway if you have any questions about the firewall post because being a newb at this stuff i definately think it is far superior to apf/bfd.
Thanks again for everything surpass.