I generally just create a secure password for my account with a provider and a secure password for root access to a VPS. On the scale of not bothered to tin foil hat I'm closer to not bothered but appreciate that I don't want/shouldn't leave easy access to resources for people to abuse.
I don't host anything massively secretive or important, and all of it can be replaced, it's just a slight headache when I have to.
Noticed tonight that one of my VPS' which had its OS magically reinstalled also had a couple of extra users in /etc/passwd (vpn related usernames). Looking at logs it'd seem to be a SSH brute force attempt, though I am with a few sh1tty providers and I wouldn't be surprised if their own security leads to any access to my box. I've since added some iptable rules for SSH access.
Anyways, the question is, what do you do, by default, to secure your own box?
Off the top off my head I'm thinking: * Obviously, long difficult to guess passwords. * Disable/remove any outward facing services you don't use * Whitelist IPs for SSH access if possible, otherwise disable SSH access for root
Anything in particular that you do?