I've had a recent problem at which I got some random c99.php and a massmailer.php script sending spam like crazy.

What are some things you would do to at least block the c99.php scripts? Also what would secure an images folder from being the target of one of these horrible attacks?