Current File : /home/tdmfgi5/.imh/str_2019-09-05_12:43:08 |
>>> /opt/sharedrads/check_user tdmfgi5 --plaintext
#################################################################################
INMOTION HOSTING .:: SHARED RADS ::. SHARED RESOURCE ABUSE DETECTION SCRIPTS
#################################################################################
Thu Sep 5 12:43:02 EDT 2019
Displaying today's most recent CPU usage data as recorded by process accounting
CPU minutes: 119.48cp (3.25%) Actual time: 2030.40re (0.29%)
(since my last data poll @ 12:07 EDT tdmfgi5 burned another ~18 cp)
# of executions for CPU intensive processes that have been spawned by this user today
php: 5853 perl: 0 imap: 841 pop3: 0 exim: 6 boxtrap: 0 ftp: 0 cron: 0
CPU minutes used today     Historical CPU usage data      Most expensive processes
12:00AM EDT :: 0.50cp      Sep 04 :: 165.37cp (2.22%)     php-cgi :: 6.10 secs
03:00AM EDT :: 17.1cp      Sep 03 :: 108.29cp (1.26%)     php-cgi :: 6.05 secs
06:00AM EDT :: 34.6cp      Sep 02 :: 88.19cp (1.20%)      php-cgi :: 5.80 secs
09:00AM EDT :: 62.4cp      Sep 01 :: 103.97cp (1.07%)     php-cgi :: 5.70 secs
12:00PM EDT :: 101.cp      Aug 31 :: 85.81cp (0.93%)      php-cgi :: 5.64 secs
(no data available)        Aug 30 :: 110.02cp (1.00%)     php-cgi :: 5.50 secs
(no data available)        Aug 29 :: 154.37cp (1.65%)     php-cgi :: 5.29 secs
(no data available)        Aug 28 :: 139.99cp (1.52%)     php-cgi :: 5.14 secs
Displaying top utilization processes for user as recorded by cPanel and dcpumon
Top Process %CPU 115 /opt/php56/bin/php-cgi /home/tdmfgi5/public_html/tdmfginc.com/wp-cron.php
Top Process %CPU 105 /opt/php56/bin/php-cgi /home/tdmfgi5/public_html/tdmfginc.com/index.php
Top Process %CPU 85.0 /opt/php56/bin/php-cgi /home/tdmfgi5/public_html/tdmfginc.com/index.php
RADS has detected these custom cron jobs currently enabled for this account
SHELL="/bin/bash"
* * * * * cd /home/tdmfgi5/public_html; php /home/tdmfgi5/public_html/cron.php > /dev/null
2 23 * * 0 /usr/local/bin/imap-archiver -p -q
USER QUERIES TIME LOCKTIME ROWSSENT ROWSRECVD
tdmfgi5 1 31 0 0 0
ERROR: Could not locate any bandwidth data for tdmfgi5 in /var/cpanel/bandwidth/
>>> /opt/sharedrads/nlp tdmfgi5 -p -w 80 --today
Using /var/log/apache2/domlogs/tdmfgi5/tdmfginc.com
-Hourly hits (05/Sep/2019)------------------------------------------------------
08: 452 09: 237 10: 424 11: 637 12: 704
-HTTP response codes------------------------------------------------------------
200: 1895 301: 79 302: 4 304: 174 404: 1 406: 144 503: 157
-Duplicate requests + response codes--------------------------------------------
595 200 POST /wp-admin/admin-ajax.php?_fs_blog_admin=true
152 503 POST /xmlrpc.php
144 406 POST /xmlrpc.php
36 200 GET /
26 200 GET /robots.txt
26 200 GET /wp-login.php
23 200 POST /wp-login.php
18 200 POST /
14 200 GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.11
13 200 GET /wp-includes/js/jquery/jquery.js?ver=1.12.4
-Requests for non-static content------------------------------------------------
597 200 POST /wp-admin/admin-ajax.php
152 503 POST /xmlrpc.php
144 406 POST /xmlrpc.php
136 200 POST /
133 200 POST /wp-cron.php
50 200 GET /
27 200 GET /wp-login.php
24 200 GET /wp-admin/admin-ajax.php
23 200 POST /wp-login.php
23 301 GET /request-a-quote/
-Top user agents----------------------------------------------------------------
1100 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:68.0) Gecko/20100101 Fir
285 "Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
271 "WordPress/4.9.11; http://tdmfginc.com"
184 "The Knowledge AI"
99 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, lik
66 "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
65 "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/
45 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, lik
42 "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
32 "Mozilla/5.0 (compatible; adscanner/)"
-Top IPs with PTR records-------------------------------------------------------
1118 76.124.35.212 c-76-124-35-212.hsd1.pa.comcast.net.
271 144.208.76.152 ecld208.inmotionhosting.com.
212 89.25.69.43 89-25-69-43.ip.btc-net.bg.
184 64.62.252.176 No Record Found
48 24.39.198.118 rrcs-24-39-198-118.nys.biz.rr.com.
45 109.245.32.34 net34-32-245-109.mbb.telenor.rs.
45 18.237.104.143 ec2-18-237-104-143.us-west-2.compute.amazonaws.com.
42 96.10.134.86 rrcs-96-10-134-86.midsouth.biz.rr.com.
38 186.26.116.139 139.116.26.186.static.intelnet.net.gt.
35 12.52.164.147 No Record Found
>>> /opt/sharedrads/recent-cp tdmfgi5 -b
+-----------+------------------+------------------+------------------+------------------+
| command | 1m | 5m | 15m | 60m |
+-----------+------------------+------------------+------------------+------------------+
| cat | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| pop3 | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 3.38s 0.2% |
| exim | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.01s 0.0% |
| sh | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| proxyexec | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| whoami | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% | 0.00s 0.0% |
| bash | 0.00s 1.1% | 0.01s 0.0% | 0.02s 0.0% | 0.07s 0.0% |
| webmaild | 0.00s 0.0% | 0.01s 0.0% | 0.07s 0.0% | 0.43s 0.0% |
| imap | 0.00s 0.0% | 0.17s 0.4% | 1.04s 0.4% | 7.19s 0.4% |
| zip | 0.00s 0.0% | 2.25s 5.1% | 11.16s 4.6% | 23.27s 1.2% |
| php-cgi | 0.09s 98.9% | 41.98s 94.5% | 228.52s 94.9% | 1979.31s 98.3% |
+-----------+------------------+------------------+------------------+------------------+
| total | 0.09s 100.0% | 44.41s 100.0% | 240.81s 100.0% | 2013.81s 100.0% |
+-----------+------------------+------------------+------------------+------------------+
s = processs user time in cpu seconds, cp = user time + system time in cpu minutes
>>> Running processes prior to suspension
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
tdmfgi5 3578 0.0 0.0 85112 5824 ? S 08:31 0:00 dovecot/imap
tdmfgi5 68228 0.2 0.0 381956 119020 ? S 12:22 0:03 /opt/php70/bin/php-cgi /home/tdmfgi5/public_html/pur-tungsten.com/wp-admin/admin-ajax.php
tdmfgi5 69436 0.0 0.0 90496 6520 ? S 10:13 0:00 dovecot/imap
tdmfgi5 83215 0.0 0.0 86648 6772 ? S 11:43 0:00 dovecot/imap
tdmfgi5 83950 0.0 0.0 87348 6864 ? S 11:44 0:00 dovecot/imap
tdmfgi5 97350 0.0 0.0 86524 6260 ? S 09:35 0:00 dovecot/imap
tdmfgi5 143880 0.0 0.0 85768 5808 ? S 12:38 0:00 dovecot/imap
tdmfgi5 157800 1.3 0.0 130592 20972 ? S 12:42 0:00 /usr/bin/zip -n .jpg:.JPG:.jpeg:.JPEG:.png:.PNG:.gif:.GIF:.zip:.ZIP:.gz:.GZ:.bz2:.BZ2:.xz:.XZ:.rar:.RAR:.mp3:.MP3:.mp4:.MP4:.mpeg:.MPEG:.avi:.AVI:.mov:.MOV -v -@ /home/tdmfgi5/public_html/pur-tungsten.com/wp-content/updraft/backup_2019-09-05-1222_Shop_PurTungsten_58339fd74a7e-plugins.zip.tmp
tdmfgi5 160849 131 0.0 344888 91948 ? R 12:43 0:01 /opt/php56/bin/php-cgi /home/tdmfgi5/public_html/tdmfginc.com/index.php
tdmfgi5 185457 0.0 0.0 85232 6020 ? S 12:06 0:00 dovecot/imap