...
Tools such as denyhosts or Fail2ban can be used to analyse log files and ban IP addresses that are attempting to make brute-force attacks to your application. They are very powerful tools, but they have to be used used with care as they can lead to false positives, i.e. Banning IPs that should not be banned. These tools are a best practice to provide 24/7 services, while may not be necessary for single user VMs.
The images provided by ECMWF come with fail2ban preconfigured and active.
Software
Running secure software is also very important. It is not a trivial task to develop fully secure software, but there are some simple strategies that will help with the task.
...