Which site error log was triggered?

for each in $(find  /home/USER/public_html/ -type f -name "*error*log*"); do ls $each && tail -n1 $each && echo " "; done

Skip the first 3 columns, good for seeing errors in a given timeframe:

grep '12-Feb-2014 12:' /home/$USER/public_html/error_log | awk '{ $1=""; $2=""; $3=""; print $0 }' | sort | uniq -c

Another way to search by date:

for each in $(find  /home/USER/public_html/ -type f -name "*error*log*"); do grep -H 2015 $each | tail -n1; done

Apache

Connections Going to WP Abuse

By Domain:

apachectl fullstatus | grep 'xmlrpc.php\|wp-login.php'  | awk '{print substr($0, index($0,$12))}' | awk -F ":" '{print $1, $2}' | awk '{print $3, $5, $6}' | sort  | uniq -c | sort -k2

By Raw Hits:

apachectl fullstatus | grep 'xmlrpc.php\|wp-login.php'  | awk '{print substr($0, index($0,$12))}' | awk -F ":" '{print $1, $2}' | awk '{print $3, $5, $6}' | sort  | uniq -c | sort -nr

== .htaccess in /home/user/

find /home/*/ -maxdepth 1 -name .htaccess

PHP

Custom php.ini values on suphp sites =

for i in $(find /home*/*/public_html -name .htaccess -not -name \*_vti_* -exec grep -iH suphp_ {} \; | awk -F" " '{ print $2"/php.ini" }' | sort | uniq); do echo $i; grep 'max_execution_time\|max_input_time\|memory_limit' $i; done

Also, check for .htaccess files in the userdir, not just the docroot.