c99shell - /etc/passwd

Check out CXS... ConfigServer eXploit Scanner (cxs)... This will scan for scripts (regardless of the name of the script) that have code that accesses the /etc/passwd file... You can set the scanner to remove and quarantine those scripts...

Also, there are mod_security rules you could add to prevent execution of the scripts...
https://www.atomicorp.com/products/modsecurity.html

 

Yes, you could code something yourself Be fair, people deserve payment for coding decent scripts and I'd highly recommend CXS

 

You can install mod_security with delayed rules on your server to protect your /etc/passwd file

http://updates.atomicorp.com/channels/rules/delayed/

Atomic ModSecurity Rules - Atomicorp Wiki