In one of my servers I found a PHP file. A file that contains compressed and encoded code in base64, an operation that is nested two or more times.
I need to know what configuration I need to add to Apache, php.ini and filesystem to prevent or minimize the impact of it in the future. And how prevent upload of this file again if possible. Apparently it's a problem on the net, but I only care about this server.
I block some funcions I don't use like:
ini_set, set_time_limit, set_magic_quotes_runtime, error_reporting, posix_getpwuid, posix_getgrgid
Do I need to change all my passwords frequently too? Limit terminal access users? Change some file modes?