I have a problem with exploits in scripts that uploads stuff to the tmp directoy and run them there. It's different kinds of activites but non is welcome. So, finding these exploits is offcourse the best way to fix it but as a security method I wonder if adding a trailing slash / after the tmp in the open_basedir lines in httpd.conf will prevent the exploit/script from making a directory in tmp ? As it is no it say: <IfModule mod_php4.c> php_admin_value open_basedir "/home/user/:/usr/lib/php:/usr/local/lib/php:/tmp" </IfModule> If I instead have /tmp/ in the end it should stop it from making/access anything under /tmp right ? On some servers there are a few directories in tmp but I can't see it is needed for php scripts. - Any idea ?