Block all outgoing ssh traffic
It's not that easy. If your server got compromised, you got to investigate it.
First, block all incoming traffic to it, but your service (example, ports 80 and 443) Block access to ssh from any source, but your.
Second, I suggest starting installing and running softwares like clamav, chkrootkit and rkhunter. These software can scan your machine and identify several well-known exploits.
Third, take a look at all running process, logs and the like
Fourth, apply some hardening techniques to your machine