by werkshy 4701 days ago
With Digital Ocean you'd need to install a software firewall on the servers themselves; there is no API-configurable network-level firewall. I used 'ufw', which was quite easy to get started with (on Ubuntu), and replicated my AWS security group config pretty quickly. I added the ufw config to my host setup scripts so it happens automatically.

The problem with the software one is you need a way to modify it when you can't access the instance. With AWS you do it from the admin console or APIs. If it's on the machine itself you'd have to know the IP to open up in advance or have someone at home base do it.
If you're likely to be connecting from different locations then you're probably better off having a VPN in a known location and routing connections to your servers via that VPN, rather than fiddling around with firewall rules every time you're in a new hotel.
That just shifts the problem - the VPN is vulnerable to the original attack.
Digital Ocean (and Linode) provide Web Console support, so if you lock yourself out via IP, there is the console as a last resort.
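The setup-script approach from the first comment, as an added example that is not code from any poster in this thread: it turns a security-group-style ingress list into ufw commands and enables the firewall only after the SSH rule exists, which is the lockout case raised above. The rule list, the `sg_to_ufw` helper and the `APPLY` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. SG_RULES is constructed sample data: "proto port source-CIDR",
# one ingress rule per line. 203.0.113.0/24 is a documentation range standing
# in for a trusted admin/VPN network.
SG_RULES='tcp 22 203.0.113.0/24
tcp 80 0.0.0.0/0
tcp 443 0.0.0.0/0'

# sg_to_ufw (hypothetical helper): print the ufw commands for a rule list.
# Fields are validated because the output may later be piped to a shell.
sg_to_ufw() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    while read -r proto port cidr; do
        case "$proto" in
            '') continue ;;
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        case "$cidr" in
            ''|*[!0-9./]*) echo "bad source: $cidr" >&2; return 1 ;;
            0.0.0.0/0) echo "ufw allow $port/$proto" ;;
            *) echo "ufw allow from $cidr to any port $port proto $proto" ;;
        esac
    done <<EOF
$1
EOF
    # Enable last, so the SSH rule already exists when the default deny
    # takes effect; --force skips the interactive confirmation.
    echo "ufw --force enable"
}

# Generate everything first so a bad rule aborts before anything is applied.
cmds=$(sg_to_ufw "$SG_RULES") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$cmds" | sh      # run as root from the host setup script
else
    printf '%s\n' "$cmds"           # dry run: show what would be executed
fi
```

Restricting port 22 to a fixed source range is what makes the console fallback in the last comment relevant: from an unlisted address, SSH is refused and the provider's web console is the remaining way in.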