PHP Server Botnet?

If you find a site with a file inclusion or upload vulnerability that lets you upload a web shell, and then you have a web shell on it and there are some files or directories where you have rwx permissions, could you somehow turn that web server into a bot for a botnet? I have heard of IRC bots like EggDrop or Tsunami (old, I know), but I wonder if there is something web or PHP-based that could do something similar. After all, if you have a web shell on a site, that means it's running PHP.

Just curious for research purposes, not anything malicious. The only way to learn how to secure stuff is to learn how it gets pwned.

from a defensive perspective, if DGAs generate gibberish-looking domains, like sdf908sd9f87sdf8sd.com or whatever, you could just block any DNS lookups that go to long strings that don't have any dictionary words in them, right?

i can't think of any legitimate use-cases for base64-looking domains

can you block domains based on regular expression?