c99shell security

January 7, 2009 by hejian

c99shell is a PHP web shell: a script that, once placed on a web server, gives a remote attacker interactive access to the compromised machine through ordinary HTTP requests.

This backdoor can perform the following actions on the compromised server:
1. provide full access to files on the hard disk
2. calculate a range of hashes for strings
3. launch the command interpreter and bind its standard input/output to a specific TCP port
4. bind the standard input/output of the command interpreter to data from an IRC server (datapipe)
5. view a list of processes running on the server
6. execute arbitrary PHP code
7. download/upload files from/to the server
8. search the server's hard disk for files with specific content
9. manage MySQL databases (view/create/edit databases and tables)
10. run shell commands
11. scan FTP server accounts for weak passwords (e.g. where the account name and password coincide)
12. delete its own copy from the server's hard disk on command
13. create a user account without a password
14. view active users on the system
15. delete records of its own activity from Apache server logs
16. exploit a range of Linux kernel and bash command interpreter vulnerabilities
17. run via a proxy server

How to protect the site against c99shell:
The simplest measure is to disable, server-wide, the PHP functions the shell relies on for command execution and source disclosure, using the disable_functions directive in php.ini:

disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open

Two caveats. disable_functions is a PHP_INI_SYSTEM setting, so it only takes effect from php.ini (or php_admin_value in the Apache configuration), not from ini_set() in a script or from .htaccess. It also only removes the shell's ability to run commands through those functions; the file browser, upload, search and MySQL features listed above use ordinary PHP file and database functions and keep working. Treat it as defence in depth: find and remove the script, and close the hole through which it was uploaded.
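As an added example (not code from the original post or from c99shell), here is a small Python audit that checks a php.ini against the line above. It handles the details that make a quick grep unreliable: a ';' comment can hide a directive, the value may be quoted, and when the directive appears twice the later one replaces the earlier one. The required set is the post's own list plus pcntl_exec and dl, an assumption of mine, since both give command execution or native code loading when exec/system and friends are disabled. The php.ini fragments are constructed samples, not real server configs.

```python
"""Audit the disable_functions directive of a php.ini file.

Added example for this post (not code from the original page or from
c99shell). It reads php.ini text the way PHP treats this directive:
comma-separated list, ';' starts a comment, the value may be quoted, and
if the directive appears more than once the last one wins.
"""
from __future__ import annotations

import re

# Functions the post's php.ini line disables.
POST_LIST = {
    "show_source", "system", "shell_exec", "passthru", "exec",
    "phpinfo", "popen", "proc_open",
}
# Assumption (my addition, not in the post): also require these two,
# which give command execution / native code loading by other routes.
REQUIRED = POST_LIST | {"pcntl_exec", "dl"}

_DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*)$", re.IGNORECASE)


def parse_disable_functions(ini_text: str) -> set[str]:
    """Return the effective disable_functions set from php.ini text.

    Names are lowercased for comparison; PHP function names are
    case-insensitive, and php.ini examples write them in lowercase.
    """
    effective: set[str] = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]          # drop ';' comments
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        value = m.group(1).strip().strip('"')
        # A later directive replaces, not extends, an earlier one.
        effective = {f.strip().lower() for f in value.split(",") if f.strip()}
    return effective


def missing_functions(ini_text: str, required: set[str] = REQUIRED) -> set[str]:
    """Functions in `required` that the php.ini text leaves callable."""
    return set(required) - parse_disable_functions(ini_text)


# Constructed sample php.ini fragments (not real server configs).
WEAK_INI = """\
; constructed sample: only information-disclosure helpers disabled
expose_php = On
disable_functions = phpinfo, show_source
"""

HARDENED_INI = """\
; constructed sample: the post's line plus pcntl_exec and dl
expose_php = Off
; an earlier, weaker directive is overridden by the later one
disable_functions = phpinfo
disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, pcntl_exec, dl"
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        left = missing_functions(ini)
        status = "OK" if not left else "still callable: " + ", ".join(sorted(left))
        print(f"{name}: {status}")
```

To audit a real server, read the loaded php.ini (php --ini prints its path) into missing_functions(); cross-check with the running configuration, since the file you edited may not be the one in use: php -i prints the effective disable_functions value.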
