Directadmin since version 1.39 has a built-in brute force monitor, which scan your service logs for any brute force login attempts on your system (dovecot, exim, proftpd, sshd) and sent...
If you sell additional IPs to your users, so they could connect remote servers from your hosting server using their dedicated IP as a source IP, you might want (or even need) to protect it