Diagnosis of a server downtime under a WHM environment

iczdev

Registered
Dec 1, 2022
1
0
1
Canada
cPanel Access Level
Root Administrator
Hi,

We are currently experiencing downtimes with one of our WHM instance. We have around 40 WordPress websites and each have their own cPanel accounts. We suspect that some of our websites are being bomb by bots. The big majority of the websites uses well knowns plugins and all have WordFence installed.

I'm a bit confused as to where I should start looking when diagnonising server downtime under a WHM environment. Which logs files should I watch? Is there a log file that I can tail in real time? If I believe the server went down due to bots targeting a specific websites under a specific cPanel account at a specific hour, which log file should I check? Is there a tool or a way for me to know how many times an IP address hits our server ?

I'm a bit lost and would like clues on how to properly diagnosis those sort of thing.

Any help would be greatly appreciated.

Thanks a lot!
 
Last edited:

cPanelWilliam

Administrator
Staff member
Mar 13, 2018
161
23
93
Houston
cPanel Access Level
Root Administrator
Hello!

I'm a bit confused as to where I should start looking when diagnonising server downtime under a WHM environment. Which logs files should I watch? Is there a log file that I can tail in real time?
The Apache error log (/etc/apache2/logs/error_log) would be the first log I'd check regarding website downtime. If your websites use PHP-FPM, checking the global PHP-FPM error logs can also be helpful in diagnosing website downtime. You can tail each of these logs in real-time:

Where are the global PHP-FPM logs located

If I believe the server went down due to bots targeting a specific websites under a specific cPanel account at a specific hour, which log file should I check? Is there a tool or a way for me to know how many times an IP address hits our server ?
The domain access logs would be helpful to check so you can see if your websites were under attack from a specific IP or range of IPs. You can use AWStats in cPanel to see in-depth reporting about your domain's traffic statistics. I believe AWStats can track how many times specific IPs have accessed your websites, but you can also check the access logs manually with a grep command to determine this. Just in case it helps, I'll include an article below regarding the location of the domain access logs:

Where can I find domain access logs