2 days ago, some bastard has found a way to upload some scripts in my /tmp folder, and after that he started an UDP flood from my server. Now I have a fresh OS, a better configured firewall, but I'm still worried because I'm not sure if I'm safe.

I have decided to use a different "upload_tmp_dir" for each domain in order to find out the site that permitted script uploading.

It would be great if I could make iptraf working but I couldn't. It doesn't see anything on venet0. Any alternative for this?

Also any advice would be great.