Search can be really useful;
https://askubuntu.com/questions/146775/what-can-be-done-to-secure-ubuntu-server
From the above answer;
Here is a list of things I do to secure my server.
Turn on UFW (sudo ufw enable) and then only allow ports that are actually used. (sudo ufw allow 80)
Make sure MySQL only allows connections from localhost.
Enable TLS on mail services. Even if it's a self signed cert. You don't want passwords sent in the clear.
Install ssh bruteforce blockers like denyhosts or fail2ban. (sudo apt-get install denyhosts)
Look into making ssh key-based logins only.
Learn AppArmor. If you use fairly vanilla configurations, then it's extremely easy. Just make sure it's turned on. It will help reduce zero-day exploits.
Depending on physical access to the server, you may even want to look at encrypting the data on the harddisk.
Follow other recommendations in this link. EDIT: I forgot to edit this when I didn't have enough reputation to add more links. The link meant here is the last link below.
Never trust your users. If you are having multiple users with access to the system, lock them down. If you have to give them sudo access, give them only what they need.
Use common sense. Think real hard about how you'd get in if you were ever locked out. Then close those holes.
You should search for "Ubuntu Hardening" and take a look at the very long list you'll get back.
UFW which is mentioned in the quote above stands for Uncomplicated Firewall (https://help.ubuntu.com/community/UFW) which is a great and easy to use way of managing IPTables.
Regarding DDNS type attacks, you may want to look at pairing NGINX as a front-end static proxy for Apache if you're serving web content and then employ something like CloudFlare to handle your DNS and resilience.
There's a wealth of good articles on best practices and service setup over at Digital Ocean;
https://www.digitalocean.com/community/community_tags/ubuntu
The AskUbuntu sister site is also a wealth of knowledge and help relating to your OS;
https://askubuntu.com/
