php – I found malware on my clients' server

I want to know what this script does, but it is encrypted, since I did not find it on my clients' server, but it was executed by magento 1.9.xx. Every time I delete those files they are always restored in a minute. Here is the code
Can someone help me decipher this and how can I prevent the attacker from reloading this code? I have applied all the patches, so I do not understand how the attacker finds the form.