Detecting potentially malicious PHP code using checksums and heuristics on parse trees