Current File : /home/tdmfgi5/.imh/str_2018-06-11_12:43:24 |
>>> /opt/sharedrads/check_user tdmfgi5 --plaintext
#################################################################################
INMOTION HOSTING .:: SHARED RADS ::. SHARED RESOURCE ABUSE DETECTION SCRIPTS
#################################################################################
Mon Jun 11 12:43:05 EDT 2018
Displaying today's most recent CPU usage data as recorded by process accounting
CPU minutes: 141.85cp (1.54%) Actual time: 3612.40re (0.19%)
(since my last data poll @ 12:07 EDT tdmfgi5 burned another ~27 cp)
# of executions for CPU intensive processes that have been spawned by this user today
php: 3146 perl: 0 imap: 497 pop3: 0 exim: 777 boxtrap: 0 ftp: 0 cron: 0
CPU minutes used today Historical CPU usage data Most expensive processes
12:00AM EDT :: 0.04cp Jun 10 :: 159.93cp (1.24%) php-cgi :: 286.26 secs
03:00AM EDT :: 25.3cp Jun 09 :: 156.42cp (1.16%) php-cgi :: 259.31 secs
06:00AM EDT :: 64.1cp Jun 08 :: 158.41cp (1.07%) php-cgi :: 242.82 secs
09:00AM EDT :: 82.3cp Jun 07 :: 161.70cp (1.06%) php-cgi :: 224.13 secs
12:00PM EDT :: 114.cp Jun 06 :: 210.53cp (1.38%) php-cgi :: 22.38 secs
03:00PM EDT :: 290.cp Jun 05 :: 176.26cp (0.99%) php-cgi :: 19.65 secs
06:00PM EDT :: 341.cp Jun 04 :: 172.00cp (1.06%) php-cgi :: 19.58 secs
09:00PM EDT :: 388.cp Jun 03 :: 136.36cp (1.08%) php-cgi :: 19.36 secs
Displaying top utilization processes for user as recorded by cPanel and dcpumon
Top Process %CPU 169 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/pur-tungsten.com/index.php
Top Process %CPU 158 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/pur-tungsten.com/index.php
Top Process %CPU 135 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/pur-tungsten.com/index.php
RADS has detected these custom cron jobs currently enabled for this account
SHELL="/bin/bash"
* * * * * cd /home/tdmfgi5/public_html; php /home/tdmfgi5/public_html/cron.php > /dev/null
2 23 * * 0 /usr/local/bin/imap-archiver -p -q
USER QUERIES TIME LOCKTIME ROWSSENT ROWSRECVD
ERROR: Could not locate any bandwidth data for tdmfgi5 in /var/cpanel/bandwidth/
>>> /opt/sharedrads/nlp tdmfgi5 -p -w 80 --today
Using /var/log/apache2/domlogs/tdmfgi5/ipsumseo.tdmfginc.com
-Hourly hits (11/Jun/2018)------------------------------------------------------
09: 1474 12: 58
-HTTP response codes------------------------------------------------------------
200: 62 404: 6 406: 1464
-Duplicate requests + response codes--------------------------------------------
1464 406 POST /wp-login.php
27 200 POST /wp-admin/admin-ajax.php?action=wordfence_testAjax
3 200 GET /wp-login.php
2 404 GET /?author=1
1 200 GET /
1 200 GET /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronK
1 200 GET /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronK
1 200 GET /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronK
1 200 GET /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronK
1 200 GET /wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronK
-Requests for non-static content------------------------------------------------
1464 406 POST /wp-login.php
27 200 GET /wp-admin/admin-ajax.php
27 200 POST /wp-admin/admin-ajax.php
6 404 GET /
3 200 GET /wp-login.php
3 200 POST /wp-cron.php
1 200 GET /
1 200 POST /
-Top user agents----------------------------------------------------------------
1470 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.5
56 "WordPress/4.7.10; http://www.ipsumseo.com"
3 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTM
1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML,
1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML
-Top IPs with PTR records-------------------------------------------------------
1473 185.234.217.28 No Record Found
56 144.208.76.152 ecld208.inmotionhosting.com.
1 13.57.220.0 ec2-13-57-220-0.us-west-1.compute.amazonaws.com.
1 69.46.36.20 noc4.wordfence.com.
1 69.46.36.28 noc1.wordfence.com.
>>> /opt/sharedrads/recent-cp tdmfgi5 -b
+-------------+------------------+------------------+------------------+------------------+
| command | 1m | 5m | 15m | 60m |
+-------------+------------------+------------------+------------------+------------------+
| pyzor | 0.00s 0.0% | 0.00s 0.0% | 2.54s 0.4% | 11.58s 0.5% |
| dovecot-lda | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.19s 0.0% |
| exim | 0.00s 0.0% | 0.00s 0.0% | 0.02s 0.0% | 0.32s 0.0% |
| imap | 0.00s 0.0% | 0.05s 0.0% | 0.38s 0.1% | 3.53s 0.1% |
| pop3 | 0.01s 0.6% | 0.34s 0.2% | 3.74s 0.7% | 23.55s 1.0% |
| bash | 0.00s 0.1% | 0.70s 0.3% | 2.11s 0.4% | 4.67s 0.2% |
| php-cgi | 1.67s 99.3% | 227.20s 99.5% | 556.47s 98.4% | 2366.56s 98.2% |
+-------------+------------------+------------------+------------------+------------------+
| total | 1.68s 100.0% | 228.29s 100.0% | 565.26s 100.0% | 2410.40s 100.0% |
+-------------+------------------+------------------+------------------+------------------+
s = processs user time in cpu seconds, cp = user time + system time in cpu minutes
>>> Running processes prior to suspension
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
tdmfgi5 1173744 0.0 0.0 88456 4664 ? S 12:32 0:00 dovecot/imap
tdmfgi5 1173794 0.0 0.0 88128 4408 ? S 12:32 0:00 dovecot/imap
tdmfgi5 1174746 0.0 0.0 88636 5212 ? S 12:32 0:00 dovecot/imap
tdmfgi5 1175212 0.0 0.0 88588 4928 ? S 12:32 0:00 dovecot/imap
tdmfgi5 1195899 0.0 0.0 88924 5172 ? S 12:37 0:00 dovecot/imap
tdmfgi5 1195969 0.0 0.0 89408 5624 ? S 12:37 0:00 dovecot/imap
tdmfgi5 1206936 0.1 0.0 89200 5924 ? S 12:40 0:00 dovecot/imap
tdmfgi5 1212212 0.0 0.0 88520 5144 ? S 12:42 0:00 dovecot/imap
tdmfgi5 1214003 76.1 0.0 443188 103604 ? S 12:43 0:17 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/ipsumseo.com/wp-admin/admin-ajax.php
tdmfgi5 1215671 86.5 0.0 369372 102708 ? R 12:43 0:03 /opt/php55/bin/php-cgi /home/tdmfgi5/public_html/ipsumseo.com/wp-admin/admin-ajax.php