[Corrspt]

Hey, that's a bummer. I've been in the same situation about a year ago (I thought I had done a reasonable job of securing my instalation but they hacked my web application through a vulnerability in jboss)

I blogged about it and posted on reddit. Lot's of people gave me useful feedback (checkout this link http://www.reddit.com/r/programming/comments/1vo7zv/kids_thi...)

I'd recommend (as others have said here) disabling password login via SSH (only keys), disable root login, installing fail2ban, update the system regularly, setup firewall to close ports that don't need to be open.