Fantastic bash one-liners:

ls /var/named | grep db | grep -v inmotion | awk -F".db" '{print $1}'

for dom in $(ls /var/named | grep db | grep -v inmotion | awk -F".db" '{print $1}'); do dns-sync -s $dom; done

echo "What is the Primary Username?: "; read userna5 ; for dom in $(sudo cat /etc/userdomains | grep $userna5 | awk -F":" '{print $1}'); do dns-sync $dom; done

for dom in $(ls /var/named | grep db | grep -v inmotion | awk -F".db" '{print $1}'); do echo $dom && dig +short ns $dom && echo -e "\n"; done

echo "What is the Primary Username?: "; read userna5 ; echo "What kind of record are you trying to check?" ; read record ; for dom in $(sudo cat /etc/userdomains | grep $userna5 | awk -F":" '{print $1}'); do echo $dom && dig +short $record $dom && echo -e "\n"; done

SELECT * FROM wp_options WHERE option_name = 'active_plugins';

echo $(grep -ir '<a href="http://' & grep $(php index.php) -ir '<a href="http://') > MixedContent.txt

read -p "Enter the IP address: " ip; echo -e "\nScanning logs for instances of the IP provided........\n\nThis may take some time, checking archived logs as well...\n"; dovecot_log=$(sudo cat /var/log/maillog | grep 'auth failed' | grep "$ip"; for file in $(sudo ls /var/log/ | grep maillog- | grep gz); do sudo zcat /var/log/$file | grep 'auth failed' | grep "$ip"; done); exim_log=$(sudo cat /var/log/exim_mainlog | grep 'authenticator failed' | grep "$ip"; for file in $(sudo ls /var/log/ | grep exim_mainlog- | grep gz); do sudo zcat /var/log/$file | grep 'authenticator failed' | grep "$ip"; done); dovecot_count=$(echo "$dovecot_log" | grep -c '^'); exim_count=$(echo "$exim_log" | grep -c '^'); cpanel_log=$(sudo cat /usr/local/cpanel/logs/login_log | grep 'FAILED LOGIN' | grep "$ip"); cpanel_count=$(echo "$cpanel_log" | grep -c '^'); modsec_log=$(sudo cat /usr/local/apache/logs/error_log | grep -E 'id "(13052|13051|13504|90334)"' | grep "$ip" | tail -n 1); if [ -n "$dovecot_log" ]; then echo -e "\nIP address detected in Dovecot log.\nInstances of IP found in log = $dovecot_count\n\nMost recent example:\n$(echo "$dovecot_log" | tail -n 1)\n"; fi; if [ -n "$exim_log" ]; then echo -e "\nIP address detected in Exim log.\nInstances of IP found in log = $exim_count\n\nMost recent example:\n$(echo "$exim_log" | tail -n 1)\n"; fi; if [ -n "$cpanel_log" ]; then echo -e "\nIP address detected in cPanel log.\nInstances of IP found in log = $cpanel_count\n\nMost recent example:\n$(echo "$cpanel_log" | tail -n 1)\n"; fi; if [ -n "$modsec_log" ]; then echo -e "\nIP address detected in ModSec log.\n\nMost recent example:\n$modsec_log\n"; fi; if [ -z "$dovecot_log" ] && [ -z "$exim_log" ] && [ -z "$cpanel_log" ] && [ -z "$modsec_log" ]; then echo -e "\nNo issues found"; fi

echo "enter the domain(s) you wish to check"; read $domain; sudo cat /var/log/maillog | grep '.*-login' | grep "$domain" | awk '{print $10}' | grep -E -o '(([0-9]|[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])' | sort | uniq -c | sort -nr

echo "What is the old path?: "; read docroot; for file in $(grep -ir "$docroot" . | awk -F ":" '{print $1}' | sort | uniq); do sed -i "s#$docroot#$(pwd)#g" $file; done

for file in $(wp core verify-checksums 2>&1 | grep 'File should not exist:' | grep -v error_log | awk '{print $6}'); do yes | rm -f ./$file; done

for pluginfile in $(wp plugin verify-checksums --all | grep "File was added" | awk '{print $1 "/" $2}'); do yes | rm -f "./wp-content/plugins/$pluginfile"; done

wp db export

wp db import dbname.sql

wp user list

wp user create support testing@servconfig.com --role=administrator

wp user delete support --reassign=1

wp user update username --user_pass=newpass

wp user set-role username administrator

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

if activelist=$(wp option get active_plugins --format=json);then wp plugin deactivate --all;echo "Plugins deactivated for 30 seconds, reload the page now.";sleep 30;wp option set active_plugins $activelist --format=json;else echo "Failed to save existing plugin list.";fi;

read -p "Disable Plugins for how many seconds: " i; if activelist=$(wp option get active_plugins --format=json);then wp plugin deactivate --all;echo "Plugins deactivated for "$i" seconds, reload the page now.";sleep $i; wp option set active_plugins $activelist --format=json;else echo "Failed to save existing plugin list.";fi;

for i in $( wp plugin list --status=active --format=csv --field=name ); do if wp plugin deactivate $i;then echo "Hit any key to re-enable, and go to the next plugin."; read -n 1 -s; wp plugin activate $i;else echo "Failed to deactivate $i, exiting.";break;fi;done

wp db tables

wp option set siteurl 'http://www.example.com' && wp option set home 'http://www.example.com'

wp core download --force

SetEnv MAGICK_THREAD_LIMIT 1

wp search-replace 'oldstring' 'newstring'

wp media regenerate --yes

for plugin in $(wp plugin list --field=name --skip-{plugins,themes}); do wp plugin install $plugin --force --version=$(wp plugin list --name=$plugin --field=version --skip-{plugins,themes}) --skip-{plugins,themes}; done

echo "<?php phpinfo(); ?>" >> phpinfo.php

cp /usr/local/lib/php.ini ./

sudo /usr/local/cpanel/bin/rebuild_phpconf --current

suPHP_ConfigPath /home/username/public_html

php -m

for i in 55 56 70 71 72 73 74 80 81 82 83; do /opt/cpanel/ea-php$i/root/usr/bin/php -m |grep imagick; done

AddHandler application/x-httpd-php** .php

php -i | grep "search text"

yum -y install imh-php52 imh-php53 imh-php54 imh-php55 imh-php56 imh-php70 cpanel-phpconf && echo -e 'Include "/usr/local/apache/conf/php.conf"\nInclude "/etc/apache2/conf.d/php70.conf"\nInclude "/etc/apache2/conf.d/php56.conf"\nInclude "/etc/apache2/conf.d/php55.conf"\nInclude "/etc/apache2/conf.d/php54.conf"\nInclude "/etc/apache2/conf.d/php53.conf"\nInclude "/etc/apache2/conf.d/php52.conf"' > /etc/apache2/conf.d/php.conf; service httpd restart

yum -y remove imh-php52 imh-php53 imh-php54 imh-php55 imh-php56 imh-php70 cpanel-phpconf

sa_info -a email@email.com

sa_whitelist -a domain.com

echo -ne "What user? "; read user; sudo cat /etc/userdomains | grep $user | cut -d: -f1 > domains.txt; for i in $(cat domains.txt); do sudo cat /var/log/exim_mainlog | grep -e '<= [^@<>]*@'$i | awk '{print $6}'|sort|uniq -c|sort -n; done

sudo cat /etc/mailips

addlocaldomain domain.com
rmlocaldomain domain.com

exim -bpc

echo;echo "Location and volume of mailing scripts:";echo; sudo cat /var/log/exim_mainlog| LC_ALL=C grep -i .|grep cwd|awk -F'=' '{print $2}'|cut -d' ' -f1|sort|uniq -c|sort -nr|head -20;echo;echo; echo "Top Email senders:";echo;cat /var/log/exim_mainlog| awk 'match ($0,/<= ([^@<>]+(@|\+)[^ ]+)/,a) {print a[1]}' |sort|uniq -c|sort -nr|head -20;echo;echo;echo "Top Mail subjects:";echo;cat /var/log/exim_mainlog | grep courier_login |awk 'match($0,/T="([^"]*)"/,a){print a[1]}'| sort | uniq -c | sort -nr|head -15;echo;echo;echo "IMAP Connections by mail box:";echo;/opt/dedrads/check_imap --mailbox;echo;echo;echo "IMAP Connections by User:";echo;/opt/dedrads/check_imap --userconns;echo;echo;echo "Email logins by acct:";echo;/opt/dedrads/check_imap --login_email|sort -nr|head -10;echo;echo;echo "Failed Logins by IP address:";echo;/opt/dedrads/check_imap --login_failed;echo;echo;echo "Email logins by IP";echo;/opt/dedrads/check_imap --login_ip|sort -nr|head -10;echo;echo;echo "Checks to see if you are hitting the maximum number allowed connections";echo;/opt/dedrads/check_imap --checkerror|tail -10;echo;echo "Show where bounces are going to:";echo;/opt/dedrads/check_exim --queuebybounceback |sort -nr|head -10;echo;echo "Check for Boxtrapper wars, Over 1000 is bad";echo;/opt/dedrads/check_boxtrapper --logs |grep -v "Scanning /var/log/exim_mainlog for boxtrapper wars - big numbers are bad (usually 1k-> >100K). You can ignore 'transport'."|sort -nr|head -10

find /var/spool/exim/input -type f -exec rm -f {} +

find -name dovecot.\* -ls -delete

cp -r /var/named{,.bk} && for domain in /var/named/*.db; do domain=$(basename $domain .db); whmapi1 addzonerecord domain="${domain}" name="_dmarc.${domain}" class=IN ttl=86400 type=TXT txtdata='v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400'; done

mv /var/spool/exim/db/retry /var/spool/exim/db/retry-bk
mv /var/spool/exim/db/retry.lockfile /var/spool/exim/db/retry.lockfile-bk
service restart exim

exim -qff -v

tail /opt/backup/logs/users/username

ssh backup node
cd /mnt/*/*/(vpdID)

/usr/local/cpanel/bin/backup --force

mysqldump -u dbusername -p databasename > nameofdbbackup.sql

sudo /opt/sharedrads/restore-db database_name

sudo /opt/tier1adv/bin/imhbackups username pause
sudo /opt/tier1adv/bin/imhbackups username resume

/var/cpanel/ssl/system/keys

/usr/local/cpanel/bin/checkallsslcerts --allow-retry --verbose

autossl_check --user username

for i in $(\ls /var/cpanel/users | grep -v system); do ngxconf -u $i -rd; done

ngxconf -u username -rd

traceroute -m1 inmotionhosting.com|sed '1d'|awk {'print $2'}|cut -d\. -f1

yum update imh-python-rads

/usr/local/cpanel/cpkeyclt

/scripts/php_fpm_config --rebuild && /scripts/restartsrv_apache_php_fpm

/opt/tier2c/check_mysql --sockets

grep ModSecurity /usr/local/apache/logs/error_log | grep -v collections_remove_stale | grep -v collection_store | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n

/opt/dedrads/show-conns

for i in $(echo "cpanel crond exim dovecot pure-ftpd named httpd mysql iptables apf csf"); do service $i restart; done;

SecRequestBodyLimit
SecRequestBodyNoFilesLimit

netstat -plan | awk '/.*[0-9]+.[0-9]+.[0-9]+.[0-9].*/{gsub(/::ffff:/,"",$0);print $4"\t" $5}'|cut -sd. -f 1->netstat.log;echo "Netstat report";echo;echo "Number of Connections to each port:";cat netstat.log |awk {'print $1'}|cut -d: -f 2|sort|uniq -c|sort -nk 1|tail;echo;echo "Number of connections from each IP:";cat netstat.log |awk {'print $2'}|cut -d: -f 1|sort|uniq -c|sort -nk 1|tail;echo;echo "The number of instances of a particular IP connecting to particular port";cat netstat.log |awk {'print $1 "\t" $2'}|cut -d: -f 2|sort|uniq -c|sort -nk 1|tail;

systemctl stop iptables-services; systemctl mask iptables-services; rm -f /etc/apf/internals/.last.full; apf -r

killall -9 php php-cgi

job(){ width=$((`tput cols`-`echo $1|wc -m`));offset=$(($width/2));col=1;while [ $col -lt $offset ];do echo -n " ";col=$(($col+1));done;echo -e "$1"; };LargeFileLocator(){ task(){ echo "=> $1";echo; };check(){ if [ -z $1 ];then dir=$(pwd);fi;if [ -d $1 ];then if [ `ls $1|wc -l` -gt 0 ];then cd $1;if [ -z `ls|grep -v "-"|du -h|grep '[0-9]G'|head -1|awk {'print $1'}` ];then echo -e "\tALL LOOKS GOOD IN HERE. ($1)";echo;else du -m --max-depth=3|sort -nr|cut -f2|tr \\n \\0|xargs -0 du -sh|sed 's/.\///'|grep -v '[0-9]M\|[0-9]K'|awk -v wd="$(pwd)" '{print wd"/"$2" "$1}'|sort|awk '{print "ATTENTION: "$2" found ==> "$1}'|sed 's/^/\t /'|sed 's/\/\.//';echo;fi;else echo -e "\tNOTHING FOUND IN HERE. ($1)";echo;fi;else echo -e "\tNOTHING FOUND HERE. ($1)";fi; };clear;echo;job "LARGE FILE/FOLDER LOCATOR";echo;job "`df -h|sed '1d'|grep -v "none\|udev\|tmp"|awk -v svr=$(hostname|cut -d\. -f1) '{print "Currently "$3"("$5") of "$2" used."}'`";job "`df -h|sed '1d'|grep -v "none\|udev\|tmp"|awk -v svr=$(hostname|cut -d\. -f1) '{print $4" of free space is left on "svr}'`";echo;echo;task "Checking for large orphaned files in home dir:";if [ -z `ls -lah /home |awk {'print $9'}|sed '1,3d'|grep -v "-"|grep -v "......[0-9]"|xargs -I {} du -smh "/home/"{}|grep -o '[0-9]G'|head -1` ];then echo -e "\tALL LOOKS NORMAL IN HERE. (/home)";echo;else check "/home"|grep -vw "`echo $(cat /etc/trueuserdomains|awk '{print "/home/"$2}')|sed -e '1,10s/ /.*$\\\|/g'`"|sed '/^.*home$/d';fi;task "Looking for large cPanel user folders:";for user in `cat /etc/trueuserdomains | awk '{print $2}'`;do if [ `du -ms "/home/"$user|cut -f1` -gt 1000 ];then echo -e "\tcPanel User $user seems pretty large...";check "/home/$user";fi;done;task "Checking for large standard log files:";check "/var/log";task "Looking for large mysql db's & logs:";check "/var/lib/mysql";task "Looking for large WHM (scheduled) backups:";check "/backup";echo; };st=`date +%s`;LargeFileLocator;et=`date +%s`;job "DONE";job "(Execution Time: `expr $et - $st`s)";echo;

whmapi1 create_user_session user=root service=whostmgrd

grep -c proc /proc/cpuinfo

wget https://nodejs.org/dist/v8.11.3/node-v8.11.3-linux-x64.tar.xz && sudo tar --strip-components 1 -xvf node-v* -C /usr/local && ln -s /usr/local/bin/node /usr/bin/node && node --version

wget --no-check-certificate https://www.dropbox.com/s/h22zeu2lmfp2q7c/quickie.sh -O /usr/local/bin/quickie.sh; chmod +x /usr/local/bin/quickie.sh; /usr/local/bin/quickie.sh > /home/review.txt

rsync -rv public_html/ public_html.bak

grep -Ri 'string' dir/

php phpscriptnamehere.php -vvv

/usr/local/cpanel/scripts/runweblogs

sudo cat /etc/apf/deny_hosts.rules

sudo cat /etc/csf/csf.deny

cat /var/log/suspension.log

sleep 600; yum -y install softaculous-imh && /usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php

echo "Rule ID:"; read id; echo "SecRuleRemoveById " $id >> /usr/local/apache/conf/modsec2.user.conf; /usr/local/cpanel/scripts/rebuildhttpdconf; service httpd restart

/scripts/cphulkdwhitelist xxx.xxx.xxx.xxx

ls -d /home/* | xargs -P 8 du -h --max-depth 0 | sort -h

vpspkgtype VPSIDNUMBER 1KHA

vzctl set VPSIDNUMBER --hostname server.name.com --save

rpm -q --changelog SERVICE_NAME

/usr/local/cpanel/scripts/rebuildhttpdconf

/opt/vzmigrate/vzmigrate.log

systemctl stop iptables-services; systemctl mask iptables-services; rm -f /etc/apf/internals/.last.full; apf -r

shellscan --update --freshclam -u $(awk '{print $2}' /etc/trueuserdomains) -a off

for i in $(awk '{print $2}' /etc/trueuserdomains); do fixperms -v $i; done

cat /opt/cpanel/ea-*/root/usr/var/log/php-fpm/error.log | grep -i consider

/scripts/install_lets_encrypt_autossl_provider ; whmapi1 set_autossl_provider provider=LetsEncrypt x_terms_of_service_accepted="https://acme-v01.api.letsencrypt.org/terms" ; whmapi1 set_tweaksetting key=global_dcv_rewrite_exclude value=1 ; whmapi1 start_autossl_check_for_all_users

grep "phpversion: ea" /var/cpanel/userdata/*/*

for a in /var/named/*.db; do echo $(basename $a .db); done

echo "proxy_hide_header Upgrade;" >> /etc/nginx/conf.d/nginx-includes.conf

cd /var/named && for a in $(for i in $(ls | grep .db); do echo $i | rev | cut -c4- | rev; done); do echo $a && dig @ns $a +short && echo; done

/scripts/dnscluster synczone domain.com

yum -y remove imh-cpanel-dnsadmin; rpm -e --nopostun imh-cpanel-dnsadmin; yum clean; yum -y install imh-cpanel-dnsadmin; /usr/local/cpanel/whostmgr/bin/dnsadmin --start; rm -f /var/cpanel/clusterqueue/status/imh{,-down};/usr/local/cpanel/cpkeyclt

yum install imh-custom-ns
/opt/custom-ns/custom-ns userna5

cat /etc/my.cnf

while true ; do clear ; mysqladmin pr ; sleep 2 ; done

cd ~ ; wget --no-check-certificate https://raw.github.com/major/MySQLTuner-perl/master/mysqltuner.pl ; chmod +x mysqltuner.pl ; /root/mysqltuner.pl

For MySQL 5_5 or lower :
log-slow-queries = /var/log/slowqueries
long_query_time = 3


For MySQL 5_6+ :
slow_query_log = 1
slow_query_log_file = /var/log/slowqueries
long_query_time = 3


touch /var/log/slowqueries
chown mysql:mysql /var/log/slowqueries
chmod 664 /var/log/slowqueries


echo "innodb_force_recovery=1" >> /etc/my.cnf

mysqlcheck -reA

read -p "Reseller cPanel user: " user; for i in $(sudo cat /etc/userdatadomains | awk -F ':' '/'"$user"'/ {print $1}') ; do dns-sync $i; done

read -p "Reseller cPanel user: " user; for i in $(account-review "$user" |awk '{print $2}'); do sudo /usr/local/cpanel/bin/autossl_check --user $i; done;

(
db=~/plugins.$(date +%F).sql
domain=$(wp option get siteurl --skip-{plugins,themes} | sed 's/https\?:\/\///')

clear
if [ "$( curl -skLA "foo" "$domain" | lynx -stdin -dump | grep "There has been a critical error")" ];
then
echo "$domain failing"
wp db export "$db"
for i in $(wp plugin list --skip-{plugins,themes} --field=name)
do echo "disabling $i for $domain"
wp plugin deactivate "$i" --skip-{plugins,themes}
echo "testing $domain"
if [[ "$(curl -skLA "foo" "$domain" | lynx -stdin -dump | grep "There has been a critical error")" ]]; then
echo wp plugin activate "$i" --skip-{plugins,themes}
else
echo "$i was breaking the site"'!'
echo "backup located at $db"
break
fi
done
else
echo "$domain not throwing critical errors"
fi

for service in ftp exim dovecot cpanel ; do whmapi1 --output=jsonpretty reset_service_ssl_certificate service=$service ;done && /usr/local/cpanel/bin/checkallsslcerts --allow-retry --verbose

( echo 'Must be in root of WordPress to work'; read -p 'Change from: ' from; read -p 'Change to: ' to; echo '-------------------'; echo 'Backing up Database'; wp db export ~/wordpressdbbackup.$(date -I).sql; echo '-------------------'; echo "Changing from: $from to $to"; wp search-replace '$from' '$to' --format=count; echo '-------------------'; echo 'Changing from: to `$to`; wp search-replace www.`$to `$to --format=count`; echo -------------------`; echo Changing from: http://`$to to https://`$to`; wp search-replace http://`$to https://`$to --format=count`; echo -------------------`; echo Tasks are completed`; )

wp rewrite structure $(wp option get permalink_structure)

wp option update permalink_structure '/%postname%' --skip-{plugins,themes}