Two things, @Centaro :
-
Enable fail2ban, configure it to monitor the ports and services that you are using so that brute force attacks on your server can be contained.
-
Enable 2FA for Webmin / Virtualmin for the important accounts, if not all all accounts.