We're reallly plagued by script-kiddies uploading scripts to /tmp and executing them via perl. Yes, /tmp IS mounted nosuid,noexec,nodev,noatime so they can't run programs from this directory, but they can run perl from another location using the script (textfile) uploaded in /tmp. We're running the full rulesets from http://www.gotroot.com/mod_security rules but still they manage to upload and run the scripts. I usually find scrips (text-files) in /tmp, but sometimes also in directories with 777-permissions, which customers create to allow webapps to upload files since php runs as apache and not as the user :-( What happens if I disable perl by chmodding /usr/bin/perl to 000 (as I have done with /usr/bin/*cc*)? Will this break things? Is there a way to stop perl-scripts from being executed like this? Do anyone have scripts that I can run as a cronjob which kill unknown processes run as user apache for more than 5 minutes (or something)?