You can move the wp-config file one level up.
You can also create a .htaccess file and upload it to your uploads folder with this code:
<Files ~ ".*..*">
Order Allow,Deny
Deny from all
</Files>
<FilesMatch ".(jpg|jpeg|jpe|gif|png)$">
Order Deny,Allow
Allow from all
</FilesMatch>
Or install a plugin for security which also scans your installation so you can more easily find the malicious code. http://wordpress.org/plugins/wordfence/
More security . http://codex.wordpress.org/Hardening_WordPress