Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors.
A good example of this is the shell_exec function which allows plain shell commands to be run directly through the web application, providing attackers with an increased level of control over the environment.
Backdoor in Cron
While investigating a client with repeated website infections, we came across a scenario where a cron job was being used to reinfect the site.