I highly suggest running a firewall (at least ufw) and only allow the ports you really require and drop all else (ufw deny in to any | ufw deny out to any) after those rules.

Set up ssh on a port other than 22 to limit the amount of attacks and disable password auth and root login.


If you have a mailserver running, make sure it runs on a limited user with no login possible and make sure your domain cannot be used by other people.

If you have a webserver running, make sure the user is also restricted, cannot login and all the users and passwords of the web application are reasonly safe and your database cannot be accessed from outside.