Well - if you shut down the access (make relevant files 755, 600, 444 or whatever),
then that should stop external access cmopeltely.
You can also tell the server to Not run scripts in certain locations etc.
That should offer al ittle more protection.

Of course - if they already have a script on the syste, or access via FTP, or via the server ... then you're still screwed.....