Hacked Sites
Scanning
1. If symlink protection isn't compiled in, check for cross-account symlinks.
find /home*/*/public_html -type l -exec ls -l {} \; > /root/symlinks &
2. Start scans in a screen.
3. Check for ModSec.
grep -i modsec /var/log/apache2/error_log | tail
If there are no recent errors, check to see if the rules RPM is installed. If it is installed, check these on cPanel servers:
cat /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
If it's empty, go to WHM > Security Center > ModSecurity configuration. Change a radio button, then change it back to its original position, then save again to re-populate the file. If it's properly populated, check whitelists:
cat /etc/apache2/conf.d/modsec2/whitelist.conf
find /usr/local/apache/conf/userdata -type f -name "*.conf"
4. Check PHP version and handler for the site in WHM > MultiPHP Manager.
5. Check back on scans.
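
The find in step 1 lists every symlink, including the harmless ones that stay inside an account. As an added example (not part of the original checklist), this filter reports only links whose resolved target leaves the owning account's home directory. The function name is hypothetical; it assumes GNU readlink (for -m) and the /home*/USER/public_html layout used above.

```shell
#!/bin/sh
# Added example: narrow the step 1 symlink list to cross-account candidates.
# Assumptions: GNU readlink (-f/-m) and homes laid out as BASE/USER/public_html.
# Usage: sh this_script /home /home2 > /root/cross_account_symlinks

# list_cross_account_symlinks BASE...
# BASE is a directory that holds account homes (for example /home).
list_cross_account_symlinks() {
    for base in "$@"; do
        for home in "$base"/*/; do
            # Keep accounts whose public_html is a directory or is itself a link
            [ -d "${home}public_html" ] || [ -L "${home}public_html" ] || continue
            # Canonical home path, so the prefix comparison below is reliable
            home=$(readlink -f -- "$home") || continue
            # find does not follow links, so each link is examined exactly once;
            # passing names through -exec keeps spaces in filenames intact
            find "$home/public_html" -type l -exec sh -c '
                home=$1; shift
                for link in "$@"; do
                    # -m resolves the full chain even if the target is missing
                    target=$(readlink -m -- "$link")
                    case "$target" in
                        "$home"|"$home"/*) ;;   # stays inside the same account
                        *) printf "%s -> %s\n" "$link" "$target" ;;
                    esac
                done' sh "$home" {} +
        done
    done
}

# Run only when base directories are given on the command line
if [ "$#" -gt 0 ]; then
    list_cross_account_symlinks "$@"
fi
```

Links that point at / or at another user's configuration files are the ones to review first; relative links that resolve inside the same account are skipped.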