There are really two issues here. One is SSH and the other is HTTP.
SSH is easy. Get a static ip or figure out the ip range for your ISP. Drop any connection not in that IP range using iptables on that port. Done.
HTTP requires more creativity. It really depends on how you have things set up. I have a honeypot default vhost on Apache. If you enter just the IP address for the server, you get the honeypot. That's what most of these bots will hit. The 404 errors caused are very annoying and mess up the logs. On the honeypot, I have a RewriteRule that rewrites anything that would cause a 404 to index.html which is a blank page.
SSH is easy. Get a static ip or figure out the ip range for your ISP. Drop any connection not in that IP range using iptables on that port. Done.
HTTP requires more creativity. It really depends on how you have things set up. I have a honeypot default vhost on Apache. If you enter just the IP address for the server, you get the honeypot. That's what most of these bots will hit. The 404 errors caused are very annoying and mess up the logs. On the honeypot, I have a RewriteRule that rewrites anything that would cause a 404 to index.html which is a blank page.