Once, a vulnerability was revealed on one of the file hosting services through which an attacker could upload files to a PHP server and execute it, the vulnerability was fixed and just in case, I wrote a script that would send an email if a PHP file was found in the specified directory:
#!/bin/bash
findphp=`find /home/user/public_html/share/ -type f -iname "*.php"`
if [[ -n $findphp ]];
then
echo "$findphp"
(echo "Subject:DANGER! $findphp"; echo "$findphp";) | sendmail test@ixnfo.com
fi