Avoiding /tmp directory exploits
On a Linux webserver, it's a good idea to recrate the /tmp directory on its own partition with noexec and nosuid. This will ensure that a malicious user can't stuff a rootkit into /tmp through your web server (usually via PHP) and get control of your machine.
If you're running a Linux web server, and particularly if it's using H-Sphere as a control panel, you should read this one. It's well done.