Script Encoding

The downside for attackers using a scripting language for a web-based backdoor is that the source code is inherently public. A specific backdoor found by the honeynet called 'r57 shell' employed multiple PHP functions to decode itself before running.
The PHP functions pack(), and gzinflate() decode the PHP code that needs to run, which is then sent into the eval() function. This is a very trivial way of obscuring source code, but it is all one can ask for when using an interpreted language like PHP.