
This is an old revision of the document!


Securing PHP

Some years ago I had the personal pleasure of getting to know c99.php: a website of a friend of mine got caught by this unpleasant visitor.

For those who don't know this script, it is a little piece of art: once uploaded to a website, it allows the attacker to change everything that is changeable and to hack everything that is hackable, if such a verb exists. Well, to the point: I am the type of person who thinks that the solution is not to create an automatic tool to scan the server every X minutes and detect and delete this type of file. The solution is to put in place security measures that avoid and minimize the possibility of these scripts prospering.

After examining the website, we soon realized that there are ways to avoid an attack of this nature without restricting too much the security of your installation. Here is a short summary of what we learned in those days.

linux/securingphp.1419414128.txt.gz · Last modified: 2022/12/02 22:02 (external edit)