Useful Server Commands

Checking for abusive IPs
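# Top 100 client addresses by request count in today's Apache domain logs
# (cPanel layout: one access log per domain directly under domlogs/).
# The typographic quotes the page was published with are replaced by plain
# ASCII quotes, otherwise the shell passes them through as literal characters.
# grep -h drops the "file:" prefix so the first field is the client address
# itself; this keeps IPv6 addresses whole and also works when only one log
# file exists. -print0 / -0 keeps odd file names intact, -r skips grep when
# find returns nothing (GNU xargs).
echo "IP's with most requests:"
find /usr/local/apache/domlogs/ -maxdepth 1 -type f -print0 \
  | xargs -0 -r grep -hF -- "$(date +%d/%b/%Y)" \
  | awk '{print $1}' \
  | sort \
  | uniq -c \
  | sort -rn \
  | head -100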
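Then look up the top addresses at https://www.abuseipdb.com before blocking anything. A high request count on its own does not prove abuse: search-engine crawlers, CDN or proxy addresses and your own monitoring can rank just as high.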
Check for XMLRPC hits
[root@host ~]# grep max_children /path-to-errorlog/error.log
FPM hits
# Locate the PHP-FPM error log of every installed EA-PHP version.
find /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/ -name error.log -type f
# Show the lines mentioning max_children in the PHP 8.0 log; PHP-FPM logs this
# when a pool reaches its pm.max_children limit. Use the path for another
# version from the find output above as needed.
grep -- max_children /opt/cpanel/ea-php80/root/usr/var/log/php-fpm/error.log
Fixing WP file permissions (cd into public_html)
# Both commands act on the current directory and everything below it, so
# confirm with pwd that you are inside the site's public_html first.
# Directories: rwxr-xr-x. Files: rw-r--r--.
# NOTE(review): 644 leaves wp-config.php (database credentials) readable by
# other local users; consider tightening that one file afterwards.
find . -type d -exec chmod 755 {} +
find . -type f -exec chmod 644 {} +
Find large files
# Regular files larger than 100 MiB on the root filesystem only (-xdev does
# not cross into other mounts), listed with ls -la and ordered by the size
# column, smallest first.
find / -xdev -type f -size +100M -exec ls -la {} \; \
  | sort -n -k 5
Working with IPTABLES
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
Checking website headers
# Fetch response headers only (--head) and follow redirects (--location), so
# the headers of every hop in the redirect chain are printed.
curl --head --location google.com
Safe Security Headers to Apply (Bare minimum)
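# Requires mod_headers. Apache reads one directive per line, and the quotes
# must be plain ASCII double quotes.

# Tell browsers not to MIME-sniff a response away from its declared Content-Type.
Header always set X-Content-Type-Options nosniff

# HSTS: browsers that have seen this header use HTTPS only for this host and,
# because of includeSubdomains, for every subdomain, for max-age seconds
# (86400 = one day). Confirm that every subdomain serves valid HTTPS before
# enabling it, and raise max-age only once that is verified.
Header always set Strict-Transport-Security "max-age=86400; includeSubdomains;"

# Append HttpOnly and Secure to every Set-Cookie header sent by the site.
# Secure cookies are not sent over plain HTTP and HttpOnly cookies cannot be
# read by page scripts, so apply this only to HTTPS sites whose front-end
# code does not read its own cookies.
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure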
Gather basic server info
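# Print a one-screen summary of the host: hostname, date, release, load,
# vCPU count, memory, PHP CLI version, number of hosted domains, logged-in
# users and disk usage. Meant to be pasted into a root shell (bash).
#
# Changes from the published one-liner: typographic quotes replaced by ASCII
# quotes, one command per line, and the Plesk branch no longer puts the admin
# database password on the mysql command line, where any local user could
# read it from the process list.
clear
echo
echo "***************************************************************************"
echo -e " Basic Server Information Gathering\n"
printf '*Hostname: '; hostname
printf '*Date: '; date
printf '*System: '; cat /etc/redhat-release
printf '*Load: '; awk '{print $1, $2, $3}' /proc/loadavg
printf '*vCPU Count: '; nproc
# Second line of free -h is the "Mem:" row: total, free, available.
printf '*RAM (total-free-available): '; free -h | awk 'NR == 2 {print $2, $4, $7}'
phpv=$(php -v | grep cli | awk '{print $1 " " $2}') && echo -e "*PHP: $phpv"
printf '*Number of domains: '
if [[ -f /etc/trueuserdomains ]]; then
  # cPanel: one line per domain.
  wc -l < /etc/trueuserdomains
  printf '*SQL version: '; mysqladmin version | grep mysqladmin
elif [[ -f /var/qmail/control/virtualdomains ]]; then
  wc -l < /var/qmail/control/virtualdomains
else
  # Plesk: count rows of psa.domains. The password is handed to the client
  # through an option file on a file descriptor; printf is a shell builtin,
  # so the secret never appears in any process's argument list.
  # NOTE(review): assumes the stored password contains no double quote or
  # backslash, which the option-file parser would interpret.
  mysql --defaults-extra-file=<(printf '[client]\npassword="%s"\n' "$(</etc/psa/.psa.shadow)") \
    -uadmin psa -Ns -e "select name from domains" | wc -l
fi
echo "*Active users: "; w | grep -v "load"
echo -e "\n*Disk space:"; df -h
echo "***************************************************************************"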
Traffic by domain
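# Today's traffic on a cPanel/Apache host, top 10 each: requests per domain
# and per client address, then the same for wp-login and xmlrpc requests,
# followed by the Apache build summary and recent scoreboard /
# MaxRequestWorkers messages from the main error log.
#
# Changes from the published one-liner: typographic quotes replaced by ASCII
# quotes, the missing space in `echo"HTTPD -V:"` restored (it made the shell
# look for a command of that name), egrep replaced by grep -E, the repeated
# pipelines factored into helpers, and client addresses taken as everything
# after the first colon so IPv6 addresses are not cut short.
# Runs in a subshell so the helpers do not linger in the calling shell.
(
  today=$(date +%d/%b/%Y)

  # Today's log lines as "<logfile>:<log line>", optionally limited to lines
  # containing the fixed string $1. -H forces the file prefix even when the
  # glob matches a single file.
  todays_hits() {
    if [[ -n "${1:-}" ]]; then
      grep -HF -- "$today" /usr/local/apache/domlogs/*/* | grep -F -- "$1"
    else
      grep -HF -- "$today" /usr/local/apache/domlogs/*/*
    fi
  }

  # stdin: todays_hits output. Field 7 of the log path is the domain's log
  # name; the -ssl_log suffix is removed so HTTP and HTTPS count together.
  by_domain() {
    awk '{print $1}' | cut -d: -f1 | sed 's/-ssl_log//g' | cut -d/ -f7 \
      | sort | uniq -c | sort -nr | head
  }

  # stdin: todays_hits output. The client address is the first field of the
  # log line, i.e. what follows the "<logfile>:" prefix.
  by_ip() {
    awk '{print $1}' | cut -d: -f2- | sort | uniq -c | sort -nr | head
  }

  echo "Traffic by domain";  todays_hits | by_domain
  echo "Traffic by IP";      todays_hits | by_ip
  echo "wp-login by domain"; todays_hits wp-login | by_domain
  echo "wp-login by IP";     todays_hits wp-login | by_ip
  echo "XMLRPC by domain";   todays_hits xmlrpc | by_domain
  echo "XMLRPC by IP";       todays_hits xmlrpc | by_ip

  echo "HTTPD -V:"
  httpd -V | grep -E '(version|MPM|Easy)'
  echo "Scoreboard/MRW:"
  grep -Ei 'scoreboard|maxrequestworkers' /usr/local/apache/logs/error_log | tail
)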