easy, block them from accessing the bitcoind using chmod so only root (who should be the owner) can execute, and in the sudoers file you can block it so it becomes a root only command, I have done this before for clients
So you're saying that running bitcoind as root is more secure than running it under a less-privileged user?
you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that
Links secured from the outside? That doesn't make any sense to me. Scripts and includes which are not meant to be accessible via the browser simply aren't stored in the docroot.
All security won't help you if there's a bug in the source, no input validation, or a way to interact with the site that was not considered by the developer.