1. Set a secure and unique root password
Using easy passwords like "pass1234" or "dog" can result in unauthorized access to your server. Always make sure that you set a unique root password that is not a dictionary word or something that can be easily guessed. It is recommended to use a password of at least 8 characters and consisting of letters, numbers, and symbols.
2. Use a firewall (like iptables)
A firewall acts as a barrier between your VPS and the rest of the world. With a firewall you can decide what packets do and do not get access to your server. Which ports, which IP's, etc. Using this type of access restriction can help you protect your server.
3. User accounts
Root accounts are the primary target of attackers. One method used to prevent this is to disable root login access. Users login via a seperate user account, then escalate to root level privileges after logging in.
4. Change the SSH listening port
As port 22 is the default listening port for SSH, it is a common port targeted by attackers. To prevent this, a common practice is to change the SSH port to something else.
5. Prevent brutforce attempts and ban malicious users
By running software like fail2ban, you can block off access to IP's that attempt bruteforce attacks on your server.
6. Run up to date software
7. Cleaning up after an attack
It is advised to always start fresh with a clean OS install. Make sure that you have backups of your critical data first and that you have checked this data to make sure that no malicious scripts have been inserted.