Site Hacked With 404.php Shell - More Info?

Hi,
My website was hacked using the following 404.php shell file, which I found uploaded to my site. I checked my logs and I can see that the point of entry was through http and not ftp or ssh.
http://pastebin.com/pXACCsW4
I'm new to this whole area, and I'm just trying to learn more about it and also how to protect myself better.
I see in the http log file there are a bunch of "GET" lines, but then all of suddend I can see a "POST" line show up showing the upload of the 404.php file. I'm trying to find out how exactly was this hacker able to post this file to my site.
The only entry points I can think of is I have Kayako Live Chat on my website; could this file be injected through this Live Chat feature? Or I also have a WordPress blog on my site; could this file been injected via posting comments or trackbacks on the blog?
Thank you!
My website was hacked using the following 404.php shell file, which I found uploaded to my site. I checked my logs and I can see that the point of entry was through http and not ftp or ssh.
http://pastebin.com/pXACCsW4
I'm new to this whole area, and I'm just trying to learn more about it and also how to protect myself better.
I see in the http log file there are a bunch of "GET" lines, but then all of suddend I can see a "POST" line show up showing the upload of the 404.php file. I'm trying to find out how exactly was this hacker able to post this file to my site.
The only entry points I can think of is I have Kayako Live Chat on my website; could this file be injected through this Live Chat feature? Or I also have a WordPress blog on my site; could this file been injected via posting comments or trackbacks on the blog?
Thank you!