Jens Segers wrote an interesting little article about fail2ban. This piece of software prevents unauthorized pundits from accessing your server. You'll be happy to know that is installed by default on Forge.
The first thing I do on every server is set up the firewall so that all ports except for the SSH port are blocked from incoming requests. But with the SSH port unprotected, you still want it to be protected from illegitimate access, right? This is where fail2ban comes in. Fail2ban will automatically ban IPs that show the malicious signs such as too many password failures, seeking for exploits, etc.