A php file was uploaded to my anonymous ftp. An anonymous ftp allows anyone who wants to, to upload files to my server. I read the file, to see what it does. The uploader is hoping that A) I'm running linux (I am) and B) I'm running php (I'm not) and C) he can access the file as soon as it's uploaded (he can't).
Uploads to my ftp, are not visible or accessible to the uploader.
I get one of these every few weeks; it's not as common an attack as an emailed file, but it isn't uncommon. The fact that the attack is being made, is evidence that it must succeed, at least occasionally.
Here's what you should do if you're running an anonymous ftp.
1) Don't allow web access to the place that's uploaded to.
2) If you move an uploaded file to a place that's web-accessible, look at it first. And remember that even if it has a file extension that suggests that it isn't php, it still might be.
Also, when any file is uploaded to my ftp, it's renamed on upload.
I checked it with VirusTotal. It was first uploaded to them three years ago, and even now, 20 out of 54 products don't flag it.