>>> /opt/sharedrads/check_user rowdyr7 --plaintext
#################################################################################
INMOTION HOSTING .:: SHARED RADS ::. SHARED RESOURCE ABUSE DETECTION SCRIPTS
#################################################################################
Tue Jan 30 13:43:10 EST 2018

Displaying today's most recent CPU usage data as recorded by process accounting
CPU minutes: 106.62cp (0.42%)
Actual time: 15992.21re (0.00%)
(since my last data poll @ 12:07 EST rowdyr7 burned another ~51 cp)

# of executions for CPU intensive processes that have been spawned by this user today
php: 3380 perl: 0 imap: 0 pop3: 0 exim: 0 boxtrap: 0 ftp: 0 cron: 0

CPU minutes used today      Historical CPU usage data      Most expensive processes
12:00AM EST :: 0.20cp       Jan 29 :: 101.42cp (0.26%)     php-cgi :: 15.93 secs
03:00AM EST :: 21.6cp       Jan 28 :: 124.27cp (0.32%)     php-cgi :: 15.70 secs
06:00AM EST :: 31.4cp       Jan 27 :: 114.70cp (0.31%)     php-cgi :: 14.52 secs
09:00AM EST :: 37.5cp       Jan 26 :: 112.61cp (0.29%)     php-cgi :: 14.48 secs
12:00PM EST :: 55.1cp       Jan 25 :: 108.60cp (0.27%)     php-cgi :: 14.29 secs
03:00PM EST :: 103.cp       Jan 24 :: 126.57cp (0.31%)     php-cgi :: 14.15 secs
06:00PM EST :: 115.cp       Jan 23 :: 84.96cp (0.21%)      php-cgi :: 14.05 secs
09:00PM EST :: 126.cp       Jan 22 :: 129.16cp (0.31%)     php-cgi :: 13.74 secs

Displaying top utilization processes for user as recorded by cPanel and dcpumon
Top Process %CPU 125 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/voltageelite.com/index.php
Top Process %CPU 92.0 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/voltageelite.com/wp-admin/post.php
Top Process %CPU 90.4 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/revivedet.com/index.php

RADS has detected these custom cron jobs currently enabled for this account
SHELL="/bin/bash"

USER     QUERIES  TIME  LOCKTIME  ROWSSENT  ROWSRECVD
rowdyr7  3        10    0         1         474862

ERROR: Could not locate any bandwidth data for rowdyr7 in /var/cpanel/bandwidth/

>>> /opt/sharedrads/nlp rowdyr7 -p -w 80 --today
Using /var/log/apache2/domlogs/rowdyr7/revivedet.rowdyregime.com
-Hourly hits (30/Jan/2018)------------------------------------------------------
00: 334 01: 473 02: 369 03: 404 04: 174 05: 104 06: 145
07: 90 08: 99 09: 165 10: 124 11: 198 12: 972 13: 906
-HTTP response codes------------------------------------------------------------
200: 3399 301: 25 302: 1040 304: 2 403: 68 404: 13 406: 2 429: 3 500: 5
-Duplicate requests + response codes--------------------------------------------
225 200 GET /2016/05/30/hello-world/
94 200 GET /feed/
68 403 GET /register/
56 302 POST /wp-comments-post.php
47 200 GET /members/lurleneprowse/activity/99062/
39 200 GET /wp-login.php
39 200 POST /wp-comments-post.php
39 200 POST /wp-login.php
34 200 GET /robots.txt
23 200 GET /
-Requests for non-static content------------------------------------------------
225 200 GET /2016/05/30/hello-world/
94 200 GET /feed/
68 403 GET /register/
58 200 GET /members/
56 302 POST /wp-comments-post.php
47 200 GET /members/lurleneprowse/activity/99062/
41 200 GET /wp-login.php
39 200 POST /wp-comments-post.php
39 200 POST /wp-login.php
24 200 GET /
-Top user agents----------------------------------------------------------------
1859 "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"
1001 "Mozilla/5.0 (compatible; spbot/5.0.3; +http://OpenLinkProfiler.org/bot )
757 "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)"
92 "Java/1.8.0_121"
56 "Mozilla/4.0 (Windows NT 6.2) AppleWebKit/537.17 (KHTML, like Gecko) Chro
36 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTM
34 "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
33 "BUbiNG (+http://law.di.unimi.it/BUbiNG.html)"
25 "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
21 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
-Top IPs with PTR records-------------------------------------------------------
1001 104.131.173.160 No Record Found
552 136.243.73.76 static.76.73.243.136.clients.your-server.de.
491 5.9.106.230 static.230.106.9.5.clients.your-server.de.
301 69.30.213.138 No Record Found
177 173.212.202.220 vmi150210.contaboserver.net.
165 204.12.226.26 No Record Found
113 5.9.63.162 static.162.63.9.5.clients.your-server.de.
92 104.154.198.228 228.198.154.104.bc.googleusercontent.com.
60 46.4.87.205 static.205.87.4.46.clients.your-server.de.
58 212.92.120.228 No Record Found

>>> /opt/sharedrads/recent-cp rowdyr7 -b
+-----------+------------------+------------------+------------------+------------------+
| command   | 1m               | 5m               | 15m              | 60m              |
+-----------+------------------+------------------+------------------+------------------+
| cat       | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       |
| rm        | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       |
| pop3      | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       | 0.02s 0.0%       |
| proxyexec | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       |
| whoami    | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       |
| sendmail  | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       | 0.00s 0.0%       |
| php-cgi   | 14.94s 100.0%    | 172.61s 100.0%   | 385.01s 100.0%   | 2003.09s 100.0%  |
+-----------+------------------+------------------+------------------+------------------+
| total     | 14.94s 100.0%    | 172.62s 100.0%   | 385.02s 100.0%   | 2003.12s 100.0%  |
+-----------+------------------+------------------+------------------+------------------+
s = processs user time in cpu seconds, cp = user time + system time in cpu minutes

>>> Running processes prior to suspension
USER     PID    %CPU %MEM VSZ    RSS   TTY STAT START TIME COMMAND
rowdyr7  341645 21.3 0.0  333424 83432 ?   R    13:43 0:01 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/voltageelite.com/index.php
rowdyr7  341750 24.5 0.0  324212 74916 ?   R    13:43 0:00 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/voltageelite.com/wp-admin/admin-ajax.php
rowdyr7  341757 24.5 0.0  328420 78624 ?   R    13:43 0:00 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/voltageelite.com/index.php
rowdyr7  341762 16.5 0.0  310516 60392 ?   R    13:43 0:00 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/voltageelite.com/index.php
rowdyr7  341772 16.0 0.0  307980 57832 ?   R    13:43 0:00 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/voltageelite.com/index.php
rowdyr7  341902 30.5 0.0  303400 53788 ?   R    13:43 0:00 /opt/php55/bin/php-cgi /home/rowdyr7/public_html/voltageelite.com/wp-admin/admin.php