My IP Logged in DDoS!

My IP was reported to SM as unauthorized traffic generator. This is part for the report submitted to SM:

15 2004-11-10 14:00:26.379406 123.123.123.123 -> 33.33.222.11 UDP Source

port: 45390 Destination port: 80
Few days ago I found suspicious files in tmp directories such as eggdrop, minitty, and syslogd. I deleted them and suspended the users who put them on the server. They used some shell script to do that.

Now, how can one stop users from using shell scripts (perl and php) without breaking legal code. For example enabling php's safe-mode will result in lots of complaints. Secondly, securing tmp dirs without breaking mysql seems a challenge in linux, right? Can apf be configured to prevent opening arbitrary ports such as the one given above?

TIA

 

 

 

 

Top