hello nman14, and welcome to HD.

I will run down through your questions in order.

Q1a: How do I stop people from sending spam emails?

A: If you figure this one out, let us all know.

Q1b: Is there a way to set how many emails can be sent out in an hour? If so how do I set it? (Cpanel/whm Linux fedora)

A: Absolutely. Log into WHM. The first section on your menu on the left should be "Server Configuration". Under that section, click "Tweak Settings". You will find a setting there for: "The maximum each domain can send out per hour (0 is unlimited):". Simply adjust this as you see fit.

Additionally, check the box next to "Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)"

Q2: I had a firewall installed when the hacker got into my server but not BFD. Could this have been the problem? I also had somewhat of a week password. (xxxxxx##) What can I do to prevent this from happening again?

A: Firewalls are not the end all of security. Some firewalls can be easily bypassed, and if the hacker can crack your password, there is no amount of Firewall protection that will help you, because a firewall can then be disabled by an experienced hacker. Start with the basics, and make your password stronger. Use letters, numbers, and symbols in your password. These are much harder to crack and can even take brute force attacks decades to determine the correct calculation and formula.

Q3: How do I limit the amount of recourses an account can use?

A: This is done when creating your hosting packages, and can also be done when you edit a user's account via WHM.

The best thing to do is read WHM/CPanel's documentation as it outlines much of this already.