I really need help here :(

my forum got hacked 3 times, and i detected the hacker use RFI(Remote file inclusion) after i found an avatar image contain Phpshell code inside it. and the weird thing is when i tried to use RFI on Apache it will not run the phpshell,

You can see here:

http://www.ceriwis.org/rfi.php?hal=ass.jpg <------------ using NGINX and phpshell executed

and

http://ceri.ws/rfi.php?hal=ass.jpg <---------------- using Apace and phpshell unable to executed

im using Nginx 0.8.53 and php-fpm

I really need solution to solve my problem guys. i want to stop the image to get executed like Apache does..
Please give me solution. thanks