This is a good question.
Perhaps 'hardening' a server could be addressed on the new web pages.
It would seem to be important and pertinent for all who take the plunge and set-up a relay on a virtual private server but who may not know more than that, to secure their servers.

I would be glad to be better informed but so far I have found:-

use a substantial password or key authentication
change the port you SSH in to
don't allow logging in as root
install DenyHosts
and Fail2ban

Robert

Hi all,

I've been running a few fail relays over the past few years. All relays I run they begin with the prefix "Telos". I've recently ... begun hosting "TelosTor" and "TelosTor2" from 192.99.8.96. I would welcome any comments on security. ... I would relish the TOR community's feedback in order to further secure my tor exit node.

Thanks!
Craig