I suggest either diabling that user's domain until they upgrade their phpBB, mounting /tmp on it's own partition with noexec, mass-patching the viewtopic.php file, and/or installing mod_security on your server.
mod_security is of course one of the better ways to go, as it will patch several things going on with php right now... cross scripting, the bb exploit, so on and so forth.
The Process Resource MOnitor I was mentioning has a step-by-step at the Ev1 forum (
http://forum.ev1servers.net/showthread.php?s=&threadid=25376)
eth0 from the Ev1 forum also has several "How-Tos" on his site... most notably are:
mod_security:
http://eth0.us/?q=node/17
PHP Security (quick fix):
http://eth0.us/?q=node/22
Securing tmp directory:
http://eth0.us/?q=node/11
There's some other stuff there too, but these are the basics you should look into.
Also, on a side-note... look into a yum upgrade of PHP... atomicrocketturtle keeps pretty up to date on the archives he offers, and puts them through some pretty rigerous testing before making them "public stable"... upgrading your servers php to 4.3.10 (not the Plesk php, but the server PHP) might also help to prevent some of the exploits that are happening on your server.
Also look into rkhunter.. what's happening now can count as a server compromise, and could be more serious than it initially looks. Check over your server to make sure that all that has happened is a few files getting downloaded into tmp.