That is an appalling approach to dealing with the problem, especially
if you have an old kernel which could allow privilege escalation.
There are several approaches to actually tracking down the source
of the problem. The most obvious is to use the mod_security
module for Apache to log incoming payloads and ban requests containing
strings such as 'wget', 'r0nin', '/tmp', etc.
Another approach would be to install 'snoopy', or similar, to log
*every* executed script upon a host and then walk backwards from the
initial intrusion to the execution of the script.