The PHP scripts of livehelp, makes the hackers upload and place their files in /tmp folder of your server and then they execute them from there. We were lucky that we found these scripts in advance of an attack.
It's hard to gain root with uploading files to /tmp, unless your server is totally unpatched and is vulnerable to all latest root exploits. The most they can do in this case is upload files and run something as nobody user or as any account user if you run phpsuexec. This is a known security issue and many scripts have this problem, example - PHPNuke. So, secure your /tmp partition, disallow access to download programs - lynx, wget, GET, compile programs - gcc, g++, etc., have a firewall installed to prevent them from running any daemons, run PHP in safe mode, install mod_security module, and you'll be much safer than with the default linux install.