
I see so many security problems like this that would be caught so easily if there was just a process with super basic statistical analysis capabilities watching the logs. A POST to the Copyright.php file? I'm guessing that would never be found in your logs before the bad file was deployed. Something that watches the log and determines if the entry is very different from the usual contents of the log (pick up the book 'Programming Collective Intelligence', there are a dozen different techniques you could use for this, and even the simplest should work very well) and alerts you.

And yeah, if you ever see "eval" in any code anywhere, the hair on the back of your neck should stand up.
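The kind of log watcher that comment describes, reduced to its simplest form: learn which (method, path) pairs appear in known-good access logs and alert on any pair never seen before. This is an added example, not part of the comment above; the log lines, IP addresses and the `/Copyright.php` location are constructed, and the Apache/nginx combined log format is an assumption.

```python
import re
from collections import Counter

# Combined log format: capture client, method, request target and status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def parse(line):
    """Return (client, method, path, status), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    path = target.split("?", 1)[0]  # drop the query string so it does not create false novelty
    return client, method, path, int(status)

def build_baseline(lines):
    """Count every (method, path) pair seen in known-good history."""
    seen = Counter()
    for line in lines:
        rec = parse(line)
        if rec:
            seen[(rec[1], rec[2])] += 1
    return seen

def find_novel(baseline, lines, min_seen=1):
    """Return records whose (method, path) occurs fewer than min_seen times in the baseline."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec and baseline[(rec[1], rec[2])] < min_seen:
            alerts.append(rec)
    return alerts

# Constructed sample data (not taken from any real site).
HISTORY = [
    '192.0.2.10 - - [01/Mar/2015:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Mar/2015:10:00:05 +0000] "POST /index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Mar/2015:10:01:00 +0000] "GET /administrator/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
TODAY = [
    '192.0.2.10 - - [02/Mar/2015:09:00:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Mar/2015:09:03:12 +0000] "POST /Copyright.php HTTP/1.1" 200 12 "-" "-"',
]

if __name__ == "__main__":
    for client, method, path, status in find_novel(build_baseline(HISTORY), TODAY):
        print(f"ALERT never-seen request: {method} {path} from {client} (status {status})")
```

Raising `min_seen` turns the exact-novelty check into a rarity threshold, which tolerates a baseline that already contains a few stray requests.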



The fact that Copyright.php is a PHP executable sets off red flags to me before I would even open up the file. Thankfully it doesn't seem like Joomla ships with any files stupidly coerced into being executable. Copyright.php was added to this installation.

This attack is very similar to the one that keeps me up at night knowing a logfile (or worse, an entire directory because of a terrible tutorial) is chmod'ed to 777. ACLs in *nix work, use them.

https://github.com/joomla/joomla-cms



