# strings for finding backdoor shells, rootkits, botnets, and exploitable functions
# grep -Rn "shell *(" /var/www
passthru
shell_exec
system
phpinfo
base64_decode
chmod
mkdir
fopen
fclose
readfile
php_uname
eval
edoced_46esab
popen
include
create_function
mysql_execute
php_uname
proc_open
pcntl_exec
``
include_once
require
require_once
posix_mkfifo
posix_getlogin
posix_ttyname
getenv
get_current_user
proc_get_status
get_cfg_var
disk_free_space
disk_total_space
diskfreespace
getcwd
getlastmo
getmygid
getmyinode
getmypid
getmyuid
assert
extract
parse_str
putenv
ini_set
pfsockopen
fsockopen
apache_child_terminate
posix_kill
posix_setpgid
posix_setsid
posix_setuid
tmpfile
bzopen
gzopen
chgrp
chown
copy
file_put_contents
lchgrp
lchown
link
mkdir
move_uploaded_file
symlink
tempnam
imagecreatefromgif
imagecreatefromjpeg
imagecreatefrompng
imagecreatefromwbmp
imagecreatefromxbm
imagecreatefromxpm
ftp_put
ftp_nb_put
exif_read_data
read_exif_data
exif_thumbnail
exif_imagetype
hash_file
hash_hmac_file
hash_update_file
md5_file
sha1_file
highlight_file
show_source
php_strip_whitespace
get_meta_tags
str_repeat
unserialize
register_tick_function
register_shutdown_function
getuid
uname
gethostname