Outdated: This post was written as an educational curiosity. The functions and behaviors described may differ in modern PHP versions. The shell_exec() approach would not work in most modern PHP environments, where dangerous functions are disabled by default.

1. Stack overflow (e.g calling a function inside itself).

function a() { a(); }

a();

First you define a function called a() and the function’s sole purpose is to call itself again, causing an infinite loop. Then you just call the function.

2. Excessive Memory Allocation Using str_repeat

str_repeat("a", 10000000000);

The above code will cause PHP to use too much memory (which will cause the process to close), if the correct memory or script runtime limits are not properly configured.

3. Kill the Apache Process with PHP Script

shell_exec("killall -11 httpd");

This simple code will kill (end) all running Apache processes, except the Daemon (which runs as Root). All other Apache processes run under the same user, which means that one of them with the harmful script, mentioned above can easily kill the rest. The best way to ensure Apache’s protection in this case is to disable execution commands such as exec() or shell_exec() using the disable_functions() directive.