Current File : /home/tdmfgi5/.imh/str_2017-01-25_18:43:14 |
>>> /opt/sharedrads/check_user tdmfgi5 --plaintext
#################################################################################
INMOTION HOSTING .:: SHARED RADS ::. SHARED RESOURCE ABUSE DETECTION SCRIPTS
#################################################################################
Wed Jan 25 18:43:02 EST 2017
Displaying today's most recent CPU usage data as recorded by process accounting
CPU minutes: 290.82cp (3.91%) Actual time: 6954.47re (0.25%)
(since my last data poll @ 18:07 EST tdmfgi5 burned another ~21 cp)
# of executions for CPU intensive processes that have been spawned by this user today
php: 3988 perl: 0 imap: 783 pop3: 0 exim: 1949 boxtrap: 0 ftp: 0 cron: 0
CPU minutes used today Historical CPU usage data Most expensive processes
12:00AM EST :: 1.07cp Jan 24 :: 287.96cp (3.16%) php-cgi :: 28.59 secs
03:00AM EST :: 43.6cp Jan 23 :: 196.76cp (2.20%) php-cgi :: 28.51 secs
06:00AM EST :: 82.0cp Jan 22 :: 215.10cp (2.91%) php-cgi :: 28.38 secs
09:00AM EST :: 125.cp Jan 21 :: 196.32cp (2.75%) php-cgi :: 28.37 secs
12:00PM EST :: 166.cp Jan 20 :: 219.68cp (2.50%) php-cgi :: 28.08 secs
03:00PM EST :: 213.cp Jan 19 :: 312.80cp (3.71%) php-cgi :: 28.04 secs
06:00PM EST :: 269.cp Jan 18 :: 290.29cp (3.35%) php-cgi :: 27.60 secs
(no data available) Jan 17 :: 223.36cp (2.57%) php-cgi :: 27.43 secs
Displaying top utilization processes for user as recorded by cPanel and dcpumon
Top Process %CPU 141 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/pur-tungsten.com/index.php
Top Process %CPU 116 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/pur-tungsten.com/index.php
Top Process %CPU 115 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/pur-tungsten.com/index.php
RADS has detected these custom cron jobs currently enabled for this account
SHELL="/bin/bash"
* * * * * cd /home/tdmfgi5/public_html; php /home/tdmfgi5/public_html/cron.php > /dev/null
2 23 * * 0 /usr/local/bin/imap-archiver -p -q
USER QUERIES TIME LOCKTIME ROWSSENT ROWSRECVD
tdmfgi5 7 29 0 2 7
ERROR: Could not locate any bandwidth data for tdmfgi5 in /var/cpanel/bandwidth/
>>> /opt/sharedrads/nlp tdmfgi5 -p -w 80 --today
Using /usr/local/apache/domlogs/tdmfgi5/pur-tungsten.tdmfginc.com
-Hourly hits (25/Jan/2017)------------------------------------------------------
07: 58 08: 188 09: 161 10: 92 11: 259 12: 295 13: 289 14: 1116
15: 97 16: 110 17: 133 18: 95
-HTTP response codes------------------------------------------------------------
200: 1695 301: 49 302: 518 304: 55 404: 12 406: 564
-Duplicate requests + response codes--------------------------------------------
479 302 POST /wp-login.php
474 406 POST /xmlrpc.php
353 200 GET /2014/07/06/audio-post-format/
250 200 GET /2015/11/02/hello-world/
88 406 POST /wp-login.php
46 200 GET /
33 200 POST /xmlrpc.php
33 302 POST /wp-comments-post.php
31 200 GET /wp-login.php
27 200 GET /product/maxi-belt/
-Requests for non-static content------------------------------------------------
480 302 POST /wp-login.php
474 406 POST /xmlrpc.php
353 200 GET /2014/07/06/audio-post-format/
250 200 GET /2015/11/02/hello-world/
88 406 POST /wp-login.php
54 200 GET /
36 200 GET /wp-login.php
33 200 POST /xmlrpc.php
33 302 POST /wp-comments-post.php
27 200 GET /product/maxi-belt/
-Top user agents----------------------------------------------------------------
493 "XML-RPC.NET"
491 "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0"
355 "Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20100101 Firefox/17.0"
214 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ch
148 "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
122 "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko
86 "Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG-SM-G900A Build/MMB29M) AppleWe
80 "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
77 "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrom
73 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
-Top IPs with PTR records-------------------------------------------------------
989 103.243.25.92 No Record Found
148 204.239.146.2 204-239-146-2.husseyseating.com.
122 62.210.203.128 ds2445-06-n.solidseodedicated.com.
86 162.199.61.190 162-199-61-190.lightspeed.rcsntx.sbcglobal.net.
80 90.133.139.5 m90-133-139-5.cust.tele2.lv.
77 128.72.5.248 128-72-5-248.broadband.corbina.ru.
73 79.111.188.181 ip-79-111-188-181.bb.netbynet.ru.
68 78.186.156.100 78.186.156.100.dynamic.ttnet.com.tr.
47 103.219.23.200 No Record Found
46 101.109.110.141 node-lu5.pool-101-109.dynamic.totbb.net.
>>> /opt/sharedrads/recent-cp tdmfgi5 -b
+-----------+------------------+------------------+------------------+------------------+
| command | 1m | 5m | 15m | 60m |
+-----------+------------------+------------------+------------------+------------------+
| pyzor | 0.00s 0.0% | 0.00s 0.0% | 0.10s 0.0% | 0.57s 0.0% |
| rm | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| sendmail | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| imap | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.08s 0.0% |
| cat | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| exim | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.03s 0.0% |
| proxyexec | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| whoami | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| bash | 0.07s 46.7% | 0.10s 0.1% | 0.11s 0.0% | 0.58s 0.0% |
| php | 0.08s 53.3% | 0.36s 0.4% | 1.02s 0.3% | 3.83s 0.2% |
| php-cgi | 0.00s 0.0% | 98.51s 99.5% | 383.76s 99.7% | 1828.39s 99.7% |
+-----------+------------------+------------------+------------------+------------------+
| total | 0.15s 100.0% | 98.97s 100.0% | 384.99s 100.0% | 1833.48s 100.0% |
+-----------+------------------+------------------+------------------+------------------+
s = processs user time in cpu seconds, cp = user time + system time in cpu minutes
>>> Running processes prior to suspension
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
tdmfgi5 152507 0.0 0.0 34936 3404 ? S 09:17 0:00 dovecot/imap
tdmfgi5 325241 102 0.0 362416 106984 ? R 18:43 0:02 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/pur-tungsten.com/index.php