Protect your images folder with this simple .htaccess file.
Create a blank file, add this code to it, name it .htaccess and upload to your images file:
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe){:content:}quot;>
Order Deny,Allow
Deny from all
</FilesMatch>
This prevents any files with .php or .exe or .cgi to be executed. In other words unauthorized hacker files. For a little bit more read the full thread on the oscommerce site.