Uploads directory should be public, or whatever other settings in which the webserver is able to write to it, which in term of website security makes very little difference.
You most likely have an unsecure code or unsecure server and there is not much point in rebuilding your site without first fixing those two issues first.
In addition the content you have currently in your DB can not be trusted as it might include backdoors, therefor after auditing your code you will need to audit the DB content as well.