It\'s running much less dangerously now to tell you the truth.
Right off I\'d do a locate for \"rmagic.pl\" and then chmod 0000 rmagic.pl
and chattr +i rmagic.pl
That\'s basically the mean way.
Safe way would be to take out the references to the running of the script in the cpanel frontend (/usr/local/cpanel/base/frontend), under Analog, this takes approximately 8483 times longer than the mean way.