- Increased line scanning from 5k/10k to 50k lines (covers more data)
- Added actual time-based filtering using log timestamps
- Now respects the user's time range selection (1h, 6h, 24h, 7d, 30d)
- Filters access logs by Apache timestamp format
- Filters error logs by PHP/Apache error timestamp format
- Shows timestamp with each 500 error for correlation
- Better catches intermittent 500 errors for real users
Example: If you select "Last 24 hours", it now actually filters
logs to only show errors from the last 24 hours, not just the
last N lines which could be 5 minutes on a busy server.
- Added single-line command to download and run
- Downloads from Gitea, extracts, and launches in one go
- Keeps original method as alternative for already installed
- Group identical errors and show occurrence count
- Color-code by frequency (HIGH/MEDIUM/LOW)
- Show top 20 most frequent errors instead of all
- Clean up ModSecurity noise (unique_id, pid, tid tags)
- Skip empty error messages
- Exclude FTP logs and bytes_log files from analysis
- Much cleaner output focused on actionable errors
- Answer: Access logs show 5xx errors (500-599), not 404s
- Remove .sysref.timestamp from repository
- Update .gitignore to explicitly exclude .sysref.timestamp
- Ensure no learned/session data is ever committed
- Repository now completely clean of runtime data
- New tool: erase-toolkit-traces.sh removes all toolkit traces
- Cleans bash history for all users
- Removes toolkit mentions from system logs
- Deletes download artifacts and temp files
- Optional: complete toolkit directory removal
- Added to main menu as option 10
- Complete security menu restructure (3-mode: Analysis/Actions/Live)
- Intelligent cPHulk enablement with CSF whitelist import
- Live network security monitoring dashboard
- Multi-source threat detection and classification
- 50+ organized security tools across 4-level menu hierarchy
- System health diagnostics with cPanel/WHM integration
- Reference database for cross-module intelligence sharing
cschantz
cschantz