If you are running a witness, full node, web server, or any Linux box, the very first thing you should do is to stop using root to log in, and set up SSH key authentication and disable root logins.
This summarises it, and anybody, especially network admins, should take it seriously.
It's sometimes to hear of boxes getting owned and compromised because of mistakes like this.
Thanks for sharing this, as it'll go a long way in helping a lot of persons to be security conscious when it comes to network security. You're so apt, and your research and write-up are spot on.
Happy Steeming