Hi,

I have a Apache server on Debian 6.0
On my server I've had some trouble with infected sites where they execute all sorts of commands and do all kinds of crazy stuff. Just last night I found some perl-scripts that looked like IRC bots. I found them when I scanned the server with F-Secure for Linux.

However, I'm wondering if it's possible and/or wise to restrict shell_exec if it's even possible?

It's kind of scary that my costumers can execute whatever command they like and get infected by stuff like that..

What's the best way to protect yourself against these kinds of attacks? Are there any software that I can run 24/7 to check for harmful software or something like that?
And also the perl scripts that I found didn't show up as perl scripts when I ran 'ps aux', they gave away a fake command name instead to masquerade it as the Apache process..

Any information at all on how to secure a webserver is appreciated.

Thanks,