VPS/Dedi Upload Download speed test
# NOTE(review): this pipes whatever is on the master branch at fetch time straight into
# the interpreter, unreviewed, with the privileges of the current shell.
# Safer: save the script to a file, read it, then run it, or install speedtest-cli from
# a package repository so the code being run is a known version.
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python
VPS / Dedi memory cache clear
echo 3 > /proc/sys/vm/drop_caches
Open Port in Alma Linux
systemctl status firewalld
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
Open Port/Block IP in iptables
# -A appends to the end of the chain and rules are evaluated from the top, so an ACCEPT
# or DROP added this way has no effect when an earlier rule already matches the packet.
# Check the resulting order with: iptables -nL INPUT --line-numbers
Open Port iptables -A INPUT -p tcp --dport 2195 -j ACCEPT
IP Block iptables -A INPUT -s 3.17.235.206 -j DROP
Save current iptables rules: service iptables save
Send mail from command line shell
mail -s "test email subject" mailhostingserver@gmail.com
Enter message body
Ctrl + D
Check Detailed Inode usage
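# Print the number of filesystem entries (inodes in use) under each immediate
# subdirectory of the current directory, followed by the total for the whole tree.
# Names are read line by line and quoted, so directories containing spaces are counted
# correctly, and they are passed to printf as arguments rather than as the format string.
echo "Detailed Inode usage for: $(pwd)"
find . -mindepth 1 -maxdepth 1 -type d | cut -d/ -f2 | sort | while IFS= read -r d; do
  # The ./ prefix keeps a directory whose name starts with "-" from being read as an option.
  c=$(find "./$d" | wc -l)
  printf '%s\t\t- %s\n' "$c" "$d"
done
printf 'Total: \t\t%s\n' "$(find "$(pwd)" | wc -l)"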
wget command to continue (without timeout)
wget --continue --tries=0 http://sanghvisons.com/video_sanghcf7.tar.gz
DDOS attack >> Command to check remote address connection
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Command to check MySQL Process list >> High mysql Users
mysqladmin processlist |grep '^|' |awk '{print $4}' |sed -e 's/_.*//' |sort |uniq -c |sort -nrk1 |head -20
Checking Reseller Account available backups
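# List the available backup dates for every account owned by a reseller.
# Assumes /etc/trueuserowners holds "user: owner" lines (confirm on your server).
# The owner column is compared exactly, so an owner name that also appears inside
# another user or owner name no longer pulls in unrelated accounts.
# sshrestore is a site-local tool; its options are kept as in the original.
echo "Enter the Reseller owner:"
read -r owner
awk -v o="$owner" '$2 == (o "") { sub(/:$/, "", $1); print $1 }' /etc/trueuserowners > /root/resellerbackup
# Load the list into an array first so the commands in the loop cannot consume it from stdin.
mapfile -t accounts < /root/resellerbackup
for i in "${accounts[@]}"; do
  printf '\n\nBackup dates for %s\n' "$i"
  sshrestore --list --user="$i"
done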
Scanning all cPanel accounts inside a Reseller
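# Run the site-local "scan" tool on the public_html directory of every account owned
# by a reseller. Assumes /etc/trueuserowners holds "user: owner" lines (confirm on your server).
# The owner column is compared exactly, so an owner name that also appears inside
# another user or owner name no longer pulls in unrelated accounts.
echo "Enter the Reseller owner:"
read -r owner
awk -v o="$owner" '$2 == (o "") { sub(/:$/, "", $1); print $1 }' /etc/trueuserowners > /root/resellerscantest
# Load the list into an array first so the commands in the loop cannot consume it from stdin.
mapfile -t accounts < /root/resellerscantest
for i in "${accounts[@]}"; do
  # "ui" is a site-local tool; the last field of its public_html line is taken as the docroot.
  j=$(ui "$i" | grep public_html | awk '{print $NF}')
  # Skip the account when no docroot was found or it cannot be entered, instead of
  # running the scan from whatever directory the shell happens to be in.
  [ -n "$j" ] || continue
  cd "$j" || continue
  scan "$j"
done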
Find max children process php-fpm
grep max_children /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/error.log
Find command to find htaccess files and excluding folder
find /home/kuhipfqx/ -type f -name ".htaccess" | grep -v public_html
Kill all PHP-fpm process : ps -ef | grep php-fpm | grep -v grep | awk '{print $2}' | xargs kill -9
OR
kill -9 `sudo ps -ef | grep php-fpm | grep -v grep | awk '{print $2}'`

Kill PHP Process fuser -k /opt/cpanel/ea-php70/root/usr/bin/php-cgi
MySQL ban/unsuspend
montool sqlunsuspend teesgyoq
Command to wget from remote FTP
# NOTE(review): a password given with --password is readable in the process list and is
# saved to shell history; wget --ask-password prompts for it instead.
# Plain FTP also sends the user name and password unencrypted over the network.
# If the login written on this page is a live one, it is exposed by being written here.
wget -r --user="transf" --password="Admin@123" ftp://166.62.2.1/
Here:
UserName : transf
Password : Admin@123
Abusetool command
abusetool http enable catiamas EMCSI-461396
Make a file immutable using ‘i’ attribute
[root@linuxtechi ~]# chattr +i dummy_data

Remove the immutable attribute
[root@linuxtechi ~]# chattr -i dummy_data

Ref https://www.linuxtechi.com/file-directory-attributes-in-linux-using-chattr-lsattr-command/
Sar sysstat Details log
CPU usage  sar -q -f /var/log/sa/sa10
Memory usage  sar -r -f /var/log/sa/sa10

Ref : https://www.thegeekstuff.com/2011/03/sar-examples/
lsof command
Check running service on port  lsof -i :443 | wc -l
Check the process details  lsof -p 9058
iptables Flush rules/Save Rules
# iptables -F deletes the rules but leaves each chain's default policy as it is: with a
# DROP policy the SSH session running these commands is cut off, and with an ACCEPT
# policy the host is unfiltered until the restore has run.
# Check the policies first with: iptables -nL
Save existing rules  iptables-save > rule.txt
Flush rules  iptables -F
Restore saved rules  iptables-restore < rule.txt
Check shutdown log
grep "`LC_ALL=en_en.utf8 date +"%b %e"`" /var/log/messages
Lets Encrypt SSL install from command
/usr/local/cpanel/bin/autossl_check --user celejkhx
Check Memory Usage Detailed - VPS/Dedi
ps -eo 'user,rss' --no-headers --sort=user | awk -v t=$(grep -oP "(?<=^MemTotal:).+(?=kB)" /proc/meminfo|awk '{print $1}') '{A[$1]+=$2;next} END {for(i in A){ printf "%s %.2fMB %.2f'%'\n", i,A[i]/1024,(A[i]/t)*100}}'|sort -nrk2|head|sed '1iUser Memory(MB) Percent\n'|column -t|sed '1i=============================\n    TABULATED MEMORY USAGE:\n============================='|sed '5i-----------------------------'
Traceroute for particular port
traceroute -T mx.record -p 25
Remove Files using ll command
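# Delete the non-hidden files in the current directory and leave subdirectories alone.
# A glob replaces the parsing of "ll" output: ll is usually a shell alias that is not
# available in scripts, and splitting its columns breaks on file names with spaces.
for f in ./*; do
  # Keep real directories; a symlink is removed as a link and is never followed.
  if [ -d "$f" ] && [ ! -L "$f" ]; then
    continue
  fi
  # "--" and the ./ prefix stop a file name that starts with "-" from being read as an option.
  rm -f -- "$f"
done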
Check TLS version
openssl ciphers -v | awk '{print $2}' | sort | uniq
Unblock Delete blocked IP from iptables
iptables -D BAN_USER 14
iptables -nL --line-numbers | grep movie9zc
iptables -D fail2ban-recidive-dovecot 2
iptables -nL | less
Fix Folder and File Permission
find /home/shoeasfs/public_html -type d -exec chmod 755 {} ";"
find /home/shoeasfs/public_html -type f -exec chmod 644 {} ";"
Check and remove stale entries (SHOULD NOT RUN THIS FOR MAIN DOMAIN)
Check addon domain entries  /root/bin/removedomain --search addon $domain
Remove addon domain entries  /root/bin/removedomain --clean addon $domain
Limit PHP:

Go to user home folder:
ls -lah /dev/shm/limit/$(id -u $(pwd | cut -d/ -f3))

# Otherwise assuming “user” variable is set:
ls -lah /dev/shm/limit/$(id -u $user)

# Removing the file for user with ID 1234:
rm -fv /dev/shm/limit/1234
Exim Logs 

To check how many messages each mail account has sent
exigrep @ /var/log/exim_mainlog | grep U= | sed -n 's/.*U=\(.*\)S=.*/\1/p' | sort | uniq -c | sort -nr -k1

To check which email accounts on a domain are sending many mails
grep richmonddoha.com /var/log/exim_mainlog | grep '<= ' | awk {'print $6'} | sort | uniq -c | sort -n

Check Exim -bpr command to find sending mail address
exim -bpr | grep "<" | awk {'print$4'} | cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c | sort -n   

Dovecot Login check  
 egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1   

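# Remove every message that is currently in the Exim queue.
# The message IDs are handed to "exim -Mrm" as arguments by xargs instead of being
# turned into command text and piped to bash, so nothing printed by the queue listing
# is ever interpreted as shell code. -r skips the call when the queue is empty.
exim -bp | awk '/^ *[0-9]+[mhd]/{print $3}' | xargs -r exim -Mrm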

awk -F"T=\"" '/<=/ {print $2}' /var/log/exim_mainlog | cut -d\" -f1 | sort | uniq -c | sort -n

To check php script
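# Count queued messages per PHP script, taken from the X-PHP-Script header in the spool.
# The dangling ">>" at the end of the original line was a syntax error and is removed.
# The directory is passed to grep -R directly so a large queue cannot overflow the argument list.
grep -R "X-PHP-Script" /var/spool/exim/input/ | awk '{print $2}' | sort | uniq -c | sort -nr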

To check script 
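# Count log entries per working directory (cwd=) to find the directory mail is sent from.
# The dangling ">>" at the end of the original line was a syntax error and is removed.
grep cwd=/ /var/log/exim_mainlog | cut -d = -f 2 | cut -d " " -f 1 | sort | uniq -c | sort -n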

Detailed Info about Exim Maillog

https://www.samnetworks.in/clients/knowledgebase/39/Understanding-and-Reading-an-Exim-Maillog.html

FSCK Command
fsck.ext4 -fyC0 /dev/vda1

If “blkid” reports the filesystem as ext4, you can use fsck.ext4 directly.

That speeds up the fsck because it does not have to determine what the filesystem is.

Always run “mount” without any options before running fsck, to check that the drive is not mounted.

http://prntscr.com/qnr8nf

That confirms the drive is not mounted and that it is safe to run the fsck.

TCP Dump

CentOS
yum install tcpdump

For Ubuntu/Debian OS
apt install tcpdump

[root@69-49-228-23 ~]# tcpdump -n -i eth0
After 1 or 2 minutes, press Ctrl + C to stop the capture and see the result:

12:03:26.015791 IP 103.50.162.53.rets > 69.49.228.23.ssh: Flags [P.], seq 60373:60481, ack 118580124, win 18203, options [nop,nop,TS val 1146668525 ecr 3361752535], length 108
12:03:26.015847 IP 103.50.162.53.rets > 69.49.228.23.ssh: Flags [.], ack 118581272, win 18203, options [nop,nop,TS val 1146668525 ecr 3361752561], length 0
^C
624687 packets captured
640420 packets received by filter
15725 packets dropped by kernel
[root@69-49-228-23 ~]#

tcpdump -nn -tttt -i any port 80

Permanent password reset
pwtemp -d setuser alice

Temp cPanel link generate (from jump)
pwtemp setuser ramshnac gator3068.hostgator.com

Temp cPanel login (from root)
pwtemp setuser alice

To check IP Address and hostname
ipid ipaddress

Check cPanel access logs
searchcpanel computaid.com kia.websitewelcome.com

To reset email password
pwtemp -d setmail gsempertegui@franctranspsa.com

Default email account disk usage not showing properly
maildirsize 

Check customer IP blocked in server/exim
checkblacklist

To check if IP listed in any RBL's
rblcheck

To get complete wordpress Info
wp_sak_cli

Watch command
watch -n 1 "du -sh /home2/terrybar"

Abusetool command
abusetool http enable catiamas EMCSI-461396

Check Detailed Disk usage of Dedi/VPS server
ncdu

To regenerate shadow file
mail_shadow

Remove dovecot index file
/usr/local/cpanel/scripts/remove_dovecot_index_files --user bertsmar

Find other usage
find / -user cpanel_user > others.txt

Change account IP
chgacctip makan811 192.254.190.211 y

Change package
whmapi1 changepackage user='digitaldots' pkg='Hosting-41s'

Domlogs/website access logs detailed Report
curdom -l decalsudesign.com-ssl_log

To get database list
uapi -u granjael Mysql list_databases | grep database:

List sub accounts for reseller owner (run from jump)
oi resellerowner

To check ui of multiple users
for i in `cat ulist`; do ui $i; done

To list backup for reseller accounts:
for i in `cat ulist`; do sshrestore -u $i --list; done

Restore multiple cPanel accounts:
for i in $(cat ulist); do sshrestore -u $i -t daily -a;done
for i in $(cat ulist); do sshrestore -u $i -t daily -a -f;done    >> -f (force)

Reset reseller owner: 
cppc --setowner RESELLER_MAIN_USERNAME SUBACCOUNT_USERNAME 
Example: cppc --setowner eglewng5 masterp 

To get the text after the first ":" and before the next ":" on each line
cat ulist | cut -d':' -f2

Get mi of reseller sub accounts
mi --reseller jkisoro | tee -a jkisoro-all.$HOSTNAME.mi

Set package plan
cppc --sethgpkg hatchling roanokemen
ipset list IP and remove IP from blacklist

]# ipset list | grep 31.145.26.138
31.145.26.138 timeout 330853

]# ipset del brutes-drop 31.145.26.138

]# ipset list | grep 31.145.26.138
]#
Syssnap location
/home/SYS-SNAP/arch-1744178400

To check log for particular time
sys-snap -a 10:13
cphulk remove IP and whitelist IP
[~]# /usr/local/cpanel/scripts/hulk-unban-ip 202.140.54.38
The system unblocked the IP address “202.140.54.38” successfully.

[~]# /usr/local/cpanel/scripts/cphulkdwhitelist 202.140.54.38
202.140.54.38 has been whitelisted

To blacklist IP: /usr/local/cpanel/scripts/cphulkdblacklist 192.0.2.0
PHP Handlers for PHP 5.6:

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php56___lsphp .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Generate temp WP-ADMIN Pass: (From jump)

To get DB Name: wpinfo evolutionshears.com gator2127 status
pwtemp setwp evoluars_wp59 gator2127
Set PHP version for command line (SSH) in shared server 

Edit bash file through root user, add below line and exit
export PATH=/opt/cpanel/ea-php80/root/bin/:$PATH
Find .htaccess files and delete in Loop

find /rktesting/test3 -type f -name ".htaccess" -delete

Ref:
https://www.crybit.com/exclude-directories/
https://www.cyberciti.biz/faq/how-to-find-and-delete-directory-recursively-on-linux-or-unix-like-system/
Find command to find htaccess files and excluding folder

find /home/kuhipfqx/ -type f -name ".htaccess" | grep -v public_html
To get list reseller accounts under main reseller

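# Prompt for a reseller owner, collect from /var/cpanel/accounting.log the accounts that
# were created by that owner or re-owned to it, then print the user name from every
# "REMOVE:root:" entry that ends in one of those accounts.
# NOTE(review): the final output therefore lists accounts that have a REMOVE entry;
# confirm that this is the list the heading is meant to produce.
# The owner is passed to awk with -v and compared as a string, so the typed value is
# never spliced into the awk program text.
read -r -p "Owner: " owner
awk -F: -v o="$owner" '
  $4 == "CHANGEOWNER" && $NF == (o "") { print $(NF-2) }
  $4 == "CREATE" && $5 == (o "")       { print $NF }
' /var/cpanel/accounting.log | sort -u | while IFS= read -r user; do
  grep -- "REMOVE:root:.*:${user}\$" /var/cpanel/accounting.log
done | awk -F: '{print $NF}'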

Other commands to get reseller subaccounts

cat /etc/trueuserowners | grep -w ab7280 | awk -F ":" '{print $1}'

cat /etc/trueuserowners | grep -w ab7280   (Here ab7280 is reseller owner)
Check ec report for multiple accounts
for i in `cat ulist`; do ec $i -h 24; done
Delete Mails (All mails before a particular date)

To find the emails before July 1st, use:
find $PWD -type f -not -newermt "2022-07-01 00:00:00" -ls

To delete Emails:
find $PWD -type f -not -newermt "2022-07-01 00:00:00" -ls -delete

To confirm emails deleted, run the same command again:
find $PWD -type f -not -newermt "2022-07-01 00:00:00" -ls
 
Reference: https://intermarketing.merkados.com/cpanel-erase-emails-older-than-x-amount-of-days-tutorial

Delete Mail From To Date : 2016-10-01" To "2016-10-31
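# Delete the mail files in this cur/ folder that were modified after 2016-10-01 00:00
# and not after 2016-10-31 00:00.
# The stray closing quote at the end of the original line left the command unterminated
# and is removed.
# NOTE(review): with this upper bound, mail modified during 31 October is kept; use
# "2016-11-01" if that day should be deleted as well.
find /home1/terry/mail/beehivedesign.com/terry/cur/ -type f -newermt "2016-10-01" ! -newermt "2016-10-31" -exec rm -- {} \;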
To check Disk usage of Multiple Accounts
for i in $(cat ulist); do du -sh /home/$i/;done 

while read user; do du -sh /home[0-5]/$user; done < ulist | hpaste -k

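# Print the disk usage of each account listed in the mig-paths file, which holds one
# "<home directory> <user>" pair per line.
# The file is redirected into the loop: the original line had no cat or redirect, so the
# shell tried to execute the list file as a program instead of reading it.
while read -r Home User; do
  du -sh "/$Home/$User/"
done < /home/hgtransfer/S-2492253/sourcebup/mig-paths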
Here file /home/hgtransfer/S-2492253/sourcebup/mig-paths contains entries in format as below:
home1 webfarmlite
home1 winbetug
home2 yvonnenamaganda
