Recently Uploaded CGI Script Mail message?

view story

http://forums.cpanel.net – I wish to know exactly what script on server is responsible for doing the check and sending out the email, for "Recently Uploaded CGI Script Mail"? I'm asking because I want to modify the script to also check for text "rot13" in uploaded pages. We been having problem with these newer programs written in php and they require at least one or more public upload directories. Eventually hackers seem to find these and they upload scripts. However I've noticed every time they upload script they attempt to hide the URL with rot13 encoded. So very easy to detect them. Thank (HowTos)