If you are installing some applications like joomla or wordpress, do take note to chmod the configuration file such as configuration.php or wp-config.php to 400 (this is to ensure that the configuration file only has the ability to read by the owner only).
This is one of the way to prevent symlink attack.