http://www.perlmonks.org?node_id=844210


in reply to Possible intrusion?

An idea: why don't you mount /tmp with a noexec flag, so that they can't run anything from it even if they uploaded their malicious code? (For this, /tmp has to be on a separate partition.)