Please note: this tutorial requires that the access logs' logformat has been updated as outlined in the link below before this will work properly.
https://forums.cyberpanel.net/discussion/3895/updating-logformat-for-better-stats-collection/
If you have already done the above, please continue reading.
So I ported my cPanel version of this tool to accommodate the CyberPanel access logs now that they use the same standard, and updated this script to handle the differences in users' homedir/logs paths.
This script will need to be run with the desired CyberPanel Linux user passed to it.
So if this domain was “example.com” and the Linux account owner of this domain was “user”
If you do not know how to see your Linux user,
check your SSH login information if single user.
Or log in as root via SSH and stat your domain like this.
stat /home/example.com
It will look like this. Notice the Uid and Gid show the Linux user, which in this example is “user”.
[root@wcloud:~]# stat /home/example.com
File: ‘/home/example.com’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: fd01h/64769d Inode: 517820 Links: 15
Access: (0711/drwx--x--x) Uid: ( 5002/ user) Gid: ( 5002/ user)
Access: 2020-02-02 23:43:32.942081813 -0500
Modify: 2020-02-02 11:09:28.440639594 -0500
Change: 2020-02-02 11:09:28.440639594 -0500
Birth: -
[root@wcloud:~]#
You would run this.
bash <(curl -s https://gitlab.com/cyberpaneltoolsnscripts/snapshotbycyberpaneluser/raw/master/CyberpanelSnapshotByCyberpanelUser.sh || wget -qO - https://gitlab.com/cyberpaneltoolsnscripts/snapshotbycyberpaneluser/raw/master/CyberpanelSnapshotByCyberpanelUser.sh) user;
Keep in mind that if you only recently changed the log format, the stats might be slightly out of whack for the days in the old format. You can see an example of this in the sanitized logs below.
I’ll be adding new stuff to this and porting my server-level version of this for multi-account checks.
If you have any suggestions for checks you look for with common CMS issues, let me know. I can mod this pretty easily if you provide the regex or stuff to look for.
Weird edge case: sometimes the access_log or logs folder perms are borked ownership-wise and owned by “root:user” or “lscpd:lscpd” when they should be nobody:user for OLS/LS to be able to write to them and for the access_log viewer to work in the CyberPanel UI.
If that is the case, this one-liner will fix that all up.
link="https://gitlab.com/cyberpaneltoolsnscripts/cyberpanel-fixperms/raw/master/fixperms.sh"; bash <(curl -s "$link" || wget -qO - "$link") -v -all
See here for explanation of how that works.
Example:
[root@wcloud:~]# bash <(curl -s https://gitlab.com/cyberpaneltoolsnscripts/snapshotbycyberpaneluser/raw/master/CyberpanelSnapshotByCyberpanelUser.sh || wget -qO - https://gitlab.com/cyberpaneltoolsnscripts/snapshotbycyberpaneluser/raw/master/CyberpanelSnapshotByCyberpanelUser.sh) user;
Web Traffic Stats Check
=============================================================
Apache Dom Logs POST Requests for 03/Feb/2020 for user
315 /home/example.com/logs/example.com.access_log
8 /home/example.com/logs/my.example.com.access_log
Apache Dom Logs GET Requests for 03/Feb/2020 for user
2369 /home/example.com/logs/example.com.access_log
1172 /home/example.com/logs/my.example.com.access_log
Apache Dom Logs Top 10 bot/crawler requests per domain name for 03/Feb/2020
132 /home/example.com/logs/example.com.access_log
82 /home/example.com/logs/my.example.com.access_log
Apache Dom Logs top ten IPs for 03/Feb/2020 for user
297 "example.com
11 2001
7 "my.example.com
1 91.122.30.68
1 73.178.82.176
1 73.133.66.110
1 63.155.46.5
1 2607
1 209.155.125.2
1 206.190.204.88
Show unique IP’s with whois IP, Country,and ISP
91.122.30.68 | RU | ROSTELECOM-AS, RU
73.178.82.176 | US | COMCAST-7922, US
73.133.66.110 | US | COMCAST-7922, US
63.155.46.5 | US | CENTURYLINK-US-LEGACY-QWEST, US
209.155.125.2 | US | WINDSTREAM, US
206.190.204.88 | US | JOESDATACENTER, US
206.190.204.88 | US | UNITED-FIBER, US
Apache Dom Logs find the top number of uri’s being requested for 03/Feb/2020
304 "POST
6 /wp-admin/admin-ajax.php?action=hustle_module_viewed
1 /wp-cron.php?doing_wp_cron=1580742661.5405189990997314453125
1 /wp-cron.php?doing_wp_cron=1580742384.2412269115447998046875
1 /wp-cron.php?doing_wp_cron=1580742258.4729180335998535156250
1 /wp-cron.php?doing_wp_cron=1580742212.9561231136322021484375
1 /wp-cron.php?doing_wp_cron=1580742009.7250990867614746093750
1 /wp-cron.php?doing_wp_cron=1580741911.5235159397125244140625
1 /wp-cron.php?doing_wp_cron=1580741692.7411398887634277343750
1 /wp-cron.php?doing_wp_cron=1580741651.4984240531921386718750
View Apache requests per hour for Cyberpanel user
425 00:00
191 01:00
233 02:00
171 03:00
231 04:00
249 05:00
296 06:00
242 07:00
552 08:00
244 09:00
431 10:00
485 11:00
336 12:00
297 13:00
316 14:00
86 15:00
CMS Checks
Wordpress Checks
Wordpress Login Bruteforcing checks for wp-login.php for 03/Feb/2020 for user
11 /home/example.com/logs/example.com.access_log
Wordpress Cron wp-cron.php(virtual cron) checks for 03/Feb/2020 for user
233 /home/example.com/logs/example.com.access_log
Wordpress XMLRPC Attacks checks for xmlrpc.php for 03/Feb/2020 for user
Wordpress Heartbeat API checks for admin-ajax.php for 03/Feb/2020 for user
80 /home/example.com/logs/example.com.access_log
Apache Dom Logs POST Requests for 02/Feb/2020 for user
128 /home/example.com/logs/example.com.access_log
5 /home/example.com/logs/my.example.com.access_log
Apache Dom Logs GET Requests for 02/Feb/2020 for user
960 /home/example.com/logs/example.com.access_log
590 /home/example.com/logs/my.example.com.access_log
Apache Dom Logs Top 10 bot/crawler requests per domain name for 02/Feb/2020
56 /home/example.com/logs/my.example.com.access_log
55 /home/example.com/logs/example.com.access_log
Apache Dom Logs top ten IPs for 02/Feb/2020 for user
128 "example.com
5 "my.example.com
Show unique IP’s with whois IP, Country,and ISP
Apache Dom Logs find the top number of uri’s being requested for 02/Feb/2020
133 "POST
View Apache requests per hour for Cyberpanel user
171 15:00
302 16:00
519 17:00
269 18:00
228 19:00
168 20:00
168 21:00
220 22:00
189 23:00
CMS Checks
Wordpress Checks
Wordpress Login Bruteforcing checks for wp-login.php for 02/Feb/2020 for user
16 /home/example.com/logs/example.com.access_log
Wordpress Cron wp-cron.php(virtual cron) checks for 02/Feb/2020 for user
99 /home/example.com/logs/example.com.access_log
Wordpress XMLRPC Attacks checks for xmlrpc.php for 02/Feb/2020 for user
Wordpress Heartbeat API checks for admin-ajax.php for 02/Feb/2020 for user
29 /home/example.com/logs/example.com.access_log
Apache Dom Logs POST Requests for 01/Feb/2020 for user
Apache Dom Logs GET Requests for 01/Feb/2020 for user
Apache Dom Logs Top 10 bot/crawler requests per domain name for 01/Feb/2020
Apache Dom Logs top ten IPs for 01/Feb/2020 for user
Show unique IP’s with whois IP, Country,and ISP
Apache Dom Logs find the top number of uri’s being requested for 01/Feb/2020
View Apache requests per hour for Cyberpanel user
CMS Checks
Wordpress Checks
Wordpress Login Bruteforcing checks for wp-login.php for 01/Feb/2020 for user
Wordpress Cron wp-cron.php(virtual cron) checks for 01/Feb/2020 for user
Wordpress XMLRPC Attacks checks for xmlrpc.php for 01/Feb/2020 for user
Wordpress Heartbeat API checks for admin-ajax.php for 01/Feb/2020 for user
Apache Dom Logs POST Requests for 31/Jan/2020 for user
Apache Dom Logs GET Requests for 31/Jan/2020 for user
Apache Dom Logs Top 10 bot/crawler requests per domain name for 31/Jan/2020
Apache Dom Logs top ten IPs for 31/Jan/2020 for user
Show unique IP’s with whois IP, Country,and ISP
Apache Dom Logs find the top number of uri’s being requested for 31/Jan/2020
View Apache requests per hour for Cyberpanel user
CMS Checks
Wordpress Checks
Wordpress Login Bruteforcing checks for wp-login.php for 31/Jan/2020 for user
Wordpress Cron wp-cron.php(virtual cron) checks for 31/Jan/2020 for user
Wordpress XMLRPC Attacks checks for xmlrpc.php for 31/Jan/2020 for user
Wordpress Heartbeat API checks for admin-ajax.php for 31/Jan/2020 for user
Apache Dom Logs POST Requests for 30/Jan/2020 for user
Apache Dom Logs GET Requests for 30/Jan/2020 for user
Apache Dom Logs Top 10 bot/crawler requests per domain name for 30/Jan/2020
Apache Dom Logs top ten IPs for 30/Jan/2020 for user
Show unique IP’s with whois IP, Country,and ISP
Apache Dom Logs find the top number of uri’s being requested for 30/Jan/2020
View Apache requests per hour for Cyberpanel user
CMS Checks
Wordpress Checks
Wordpress Login Bruteforcing checks for wp-login.php for 30/Jan/2020 for user
Wordpress Cron wp-cron.php(virtual cron) checks for 30/Jan/2020 for user
Wordpress XMLRPC Attacks checks for xmlrpc.php for 30/Jan/2020 for user
Wordpress Heartbeat API checks for admin-ajax.php for 30/Jan/2020 for user
Contents have been saved to user-CyberpanelSnapshot_2020-02-03_10:17:33.txt
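
An added example, not part of the original post or of the linked script: a small per-IP version of the wp-login.php / xmlrpc.php checks that also reports how many lines it skipped because they were not in the expected layout, which is what skews the top-IP and URI lists above. It assumes the standard "combined" field order (IP first, URI in field 7); the function names and all sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: per-IP counts of POSTs to wp-login.php / xmlrpc.php for one day.
# Assumed layout: IP ident user [date tz] "METHOD URI PROTO" status bytes ...

# Constructed sample lines (documentation address ranges). The last line mimics
# an entry whose first field is not an IP, like the "example.com rows above.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [03/Feb/2020:08:01:11 -0500] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Feb/2020:08:01:12 -0500] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Feb/2020:08:01:13 -0500] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
2001:db8::1f - - [03/Feb/2020:08:02:40 -0500] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "curl/7.61"
198.51.100.23 - - [03/Feb/2020:09:15:02 -0500] "GET /wp-login.php HTTP/1.1" 200 2901 "-" "Mozilla/5.0"
198.51.100.23 - - [02/Feb/2020:23:59:59 -0500] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
"example.com 198.51.100.23 - - [03/Feb/2020:10:00:00 -0500] "POST /wp-login.php HTTP/1.1" 200 4512
EOF
}

# wp_auth_posts DAY: reads log lines on stdin, prints "count ip path" sorted by
# count, then a final "skipped N" line for entries in some other layout.
wp_auth_posts() {
  awk -v day="$1" '
    # Field 1 must look like an IPv4/IPv6 address and field 4 like "[dd/Mon/yyyy:".
    $1 !~ /^[0-9A-Fa-f:.]+$/ || $4 !~ /^\[[0-9]+\/[A-Za-z]+\/[0-9]+:/ { skipped++; next }
    substr($4, 2, length(day)) != day { next }   # keep only the requested day
    $6 != "\"POST" { next }                      # keep only POST requests
    {
      path = $7; sub(/\?.*/, "", path)           # drop the query string
      if (path ~ /\/(wp-login|xmlrpc)\.php$/) hits[$1 " " path]++
    }
    END {
      for (k in hits) printf "%d %s\n", hits[k], k | "sort -k1,1nr -k2"
      close("sort -k1,1nr -k2")                  # flush sorted rows before the summary
      printf "skipped %d\n", skipped
    }'
}

sample_log | wp_auth_posts "03/Feb/2020"
```

A non-zero "skipped" count for a day means that day's figures are incomplete, and the whole IPv6 address is kept as the key rather than only its first group.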