Checking log for hacked site

Hacked info will be present in the domlog. Get the path of the domlog for the domain from httpd.conf file.

sudo grep user /usr/local/apache/conf/httpd.conf

Grepping the hacked log :

sudo grep domain.com /usr/local/apache/domlogs/domain.com | grep 03/Jun/2016 | grep POST

Grepping the IPs:

sudo grep domain.com /usr/local/apache/domlogs/domain.com | grep 03/Jun/2016 | grep POST | awk '{print $1}' | cut -d: -f1 | sort | uniq -c | sort -n

You can check the location of the IP by going to http://www.ipligence.com/iplocation

You can block the IP by going to cPanel > IP deny manager

Subscription is not synced with the service plan in windows plesk panel

Please follow the below steps to sync the plan:

Login to Plesk

Click on subscriptions

Customize

Adjust the resources as per the available resource and save the plan.

Enable Jail Shell using Command in cPanel

To setup jailshell access for a user from the command line interface, simply use the operating system's change shell command as root :

# chsh -s /usr/local/cpanel/bin/jailshell ${username}

Username = cPanel username 

Show the inode usage for folders within your working directory

Following command will list complete inode usage from different folders with in the present working directory:

echo "Detailed Inode usage for: $(pwd)" ; for d in `find -maxdepth 1 -type d |cut -d\/ -f2 |grep -xv . |sort`; do c=$(find $d |wc -l) ; printf "$c\t\t- $d\n" ; done ; printf "Total: \t\t$(find $(pwd) | wc -l)\n"

Limiting number of HTTP Connections Per IP/Host

You can limit number of HTTP connections from single IP or Host using IPTABLES

The syntax is as follows :

/sbin/iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset

Example:

/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

Above command will limit 20 HTTP connections per IP

Data error in File Manager

When you click on the File Manager in cPanel you get the following error :

Data error!

This error is caused by a corrupt mime type cache file. Rename the file and cPanel will generate a new one.

mv -v /home/<user>/.cpanel/datastore/SYSTEMMIME{,.bak}

How to read the summary area fields describing CPU statistics from the top command log ?

When you run the "top" command in SSH , you get the results as following :

top - 19:46:04 up 18 days, 4 min, 1 user, load average: 0.16, 0.24, 0.27

Tasks: 138 total, 1 running, 137 sleeping, 0 stopped, 0 zombie

Cpu(s): 5.1%us, 2.4%sy, 0.2%ni, 89.5%id, 2.7%wa, 0.0%hi, 0.0%si, 0.0%st

Mem: 3887124k total, 3420008k used, 467116k free, 419972k buffers

Swap: 8392696k total, 269884k used, 8122812k free, 1395624k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

1 **** 20 0 19356 1052 836 S 0.0 0.0 0:06.04 init

2 **** 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd

3 **** RT 0 0 0 0 S 0.0 0.0 0:10.97 migration/0

4 **** 20 0 0 0 0 S 0.0 0.0 0:50.46 ksoftirqd/0

In this cpu(s) line can be read as following :

{ Cpu(s): 5.1%us, 2.4%sy, 0.2%ni, 89.5%id, 2.7%wa, 0.0%hi, 0.0%si, 0.0%st }

us = user mode

sy = system mode

ni = low priority user mode (nice)

id = idle task

wa = I/O waiting

hi = servicing IRQs

si = servicing soft IRQs

st = steal (time given to other DomU instances)