Is there any info out there on how to properly secure a /tmp directory against executing exploits? I've had a number of spam messages sent out from my server and it's really annoying to find these things in the tmp folder being responsible.
Here is, for example, part of a return header sent back to me today:
X-Source: /usr/bin/php
X-Source-Args: php 002.php
X-Source-Dir: /tmp/.desi
So upon logging in as root, I discovered those files in /tmp/.desi/002.php, along with a txt file with a list of emails. I've so far deleted those files and some other suspicious txt files and suspended exim. I'd be glad if anyone out there could walk me step by step through securing /tmp against this garbage.
I've searched all httpd logs for "tmp" and found nothing relating to how some script kiddies got into my server; this is a mystery yet to be solved.








