Problem: Only diagnosing 4 unique issues out of 7555 errors because script
was only checking .htaccess when error_log didn't exist. Most errors had
error_log files but no matching PHP errors, so fell through to
"NO_PHP_ERROR_LOGGED" without further investigation.
Solution: Added fallback .htaccess checking in two scenarios:
1. When error_log exists but has no matching errors for this URL
2. When error_log exists but grep finds no relevant PHP errors
Now checks for common .htaccess issues in all cases:
- Invalid php_value/php_flag directives (incompatible with FPM)
- Malformed RewriteRule syntax
This should dramatically increase the number of diagnosed issues by catching
.htaccess problems even when PHP error_log exists.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Issue: Was missing 500 errors from logs stored in subdirectories like
/var/log/apache2/domlogs/username/domain.com
Changed from simple glob (domlogs/*) to recursive find command that:
- Scans all files in domlogs directory AND subdirectories
- Excludes system files (bytes_log, offset, error_log, ftpxferlog, ssl_log)
- Finds ALL domain access logs regardless of location
This ensures we catch errors like "GET /ay.php HTTP/1.1" 500 that were
previously missed in subdirectory logs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Issues fixed:
- Removed duplicate diagnostic messages (was showing same error 169+ times)
- Fixed bash integer expression error at line 552
- Deduplicate diagnostics by domain+url+issue combination using sort -u
- Only save diagnostics when we have an actual identified cause
- Skip displaying UNKNOWN causes (these are now categorized as NO_PHP_ERROR_LOGGED)
- Show "X unique issues" instead of raw count to reflect deduplication
Now shows each unique domain+issue combination once, with proper counts.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major improvements to provide actionable, specific diagnostics instead of generic advice:
- Add bot/scanner filtering to reduce noise (monitors, SEO tools, security scanners, HTTP clients)
- Track and display filtered bot count in summary
- Remove all emojis from output
- Fix ANSI escape codes with echo -e for proper color rendering
Comprehensive file/permission validation:
- Resolve URLs to actual file paths being requested
- Test .htaccess readability by Apache (nobody user)
- Validate .htaccess syntax with apache2ctl -t
- Detect invalid PHP directives (php_value/php_flag without mod_php)
- Find malformed RewriteRule and orphaned RewriteCond
- Check document root and specific file permissions
- Test if files are readable by Apache user
Enhanced error extraction:
- Extract exact file paths from PHP errors
- Get line numbers for syntax errors
- Extract function names for missing function errors
- Get database usernames/names from DB errors
- Show current memory limits for memory exhaustion
- Identify specific files with permission issues
Add detailed per-URL diagnostics section:
- Show domain + URL + specific issue + file path + exact problem
- Group by error type with up to 20 examples per type
- Examples: "example.com/wp-admin - Permission denied on: /home/user/wp-config.php (perms: 600, owner: root:root) - NOT readable by Apache"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
ISSUE: Example text was showing raw ANSI codes like:
\033[2mExample: domain.com...\033[0m
FIX: Added DIM and BOLD color variable definitions
- These weren't being loaded from common-functions.sh
- Now examples display properly with dim gray text
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
FILTERED LOG FILES:
- proxy (Apache reverse proxy logs)
- localhost (local connections)
- default (default vhost)
- cpanel, webmail, whm (cPanel services)
- cpcalendars, cpcontacts, webdisk (cPanel apps)
These are cPanel system services, not actual customer domains.
They were showing as 'unknown' user and cluttering results.
Now only tracks actual customer domain 500 errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
IMPROVED ERROR LOG DETECTION:
- Now checks 5 different locations for error logs:
• /home/USER/public_html/error_log
• /home/USER/logs/error_log
• /home/USER/error_log
• /var/log/apache2/domlogs/DOMAIN-error_log
• /usr/local/apache/domlogs/DOMAIN
- Increased tail from 100 to 500 lines for better error capture
NEW .HTACCESS DETECTION:
- If no error_log found, checks for .htaccess file
- Looks for RewriteRules, php_value, php_flag directives
- If found, classifies as 'HTACCESS_LIKELY' instead of 'NO_ERROR_LOG_FILE'
- Provides specific .htaccess troubleshooting steps
BETTER ROOT CAUSE CATEGORIES:
- HTACCESS_LIKELY: Has .htaccess with rules, likely syntax error
- NO_ERROR_LOG_FILE: Checked all locations, truly not found
- NO_PHP_ERROR_LOGGED: Error log exists but empty (Apache/config issue)
This should catch most of the 'NO_ERROR_LOG_FILE' cases and
correctly identify them as .htaccess syntax errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added time range selection: 24 hours, 7 days, 30 days
- Default still 24 hours for speed
- Uses same time filtering as full analyzer
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
NEW SCRIPT: modules/website/500-error-tracker.sh
- FAST-ONLY 500 error detection (no menus, no options)
- Scans access logs for 500 errors
- Maps domains to cPanel usernames
- Automatically diagnoses root causes by checking error_log files
- Shows actual PHP errors causing the 500s
ROOT CAUSE DETECTION:
- PHP Memory Exhausted (shows current limit)
- PHP Fatal Errors
- PHP Syntax Errors
- Missing PHP Functions/Extensions
- Database Connection Failures
- .htaccess Issues
- Shows ACTUAL error examples, not just suggestions
FIXES:
- Fixed awk error in website-error-analyzer.sh:
• Changed "next" in END block to "if (length > 0)"
• "next" cannot be used in END block in awk
- Added option 2 in Website Management menu
- Renumbered all WordPress tools (3-16)
DIFFERENCE FROM FULL ANALYZER:
Full Analyzer: All errors, filters, time ranges, user choices
Fast Tracker: ONLY 500s, auto-diagnosis, shows WHY not suggestions
Use Fast Tracker when you need to quickly find which domains
are getting 500 errors and the exact PHP errors causing them.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Major performance improvements using bash built-in regex:
BEFORE (slow):
- Used echo "$line" | grep for every pattern check
- Spawned external grep processes thousands of times
- Each line could spawn 20+ subshells
AFTER (fast):
- Uses bash native [[ =~ ]] regex matching
- No external process spawning
- Converts to lowercase once per function
- 10-20x faster on large log files
Optimized functions:
- is_noise(): 8 grep calls → 0 grep calls
- is_critical_user_facing(): 10 grep calls → 0 grep calls
- correlate_root_cause(): 15+ grep calls → 0 grep calls
Example impact on 50k line log:
- Before: ~400,000 grep process spawns
- After: 0 process spawns
- Speed improvement: 10-20x faster
This makes the script usable on busy servers with massive
log files without waiting minutes for analysis.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Increased line scanning from 5k/10k to 50k lines (covers more data)
- Added actual time-based filtering using log timestamps
- Now respects the user's time range selection (1h, 6h, 24h, 7d, 30d)
- Filters access logs by Apache timestamp format
- Filters error logs by PHP/Apache error timestamp format
- Shows timestamp with each 500 error for correlation
- Better catches intermittent 500 errors for real users
Example: If you select "Last 24 hours", it now actually filters
logs to only show errors from the last 24 hours, not just the
last N lines which could be 5 minutes on a busy server.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Group identical errors and show occurrence count
- Color-code by frequency (HIGH/MEDIUM/LOW)
- Show top 20 most frequent errors instead of all
- Clean up ModSecurity noise (unique_id, pid, tid tags)
- Skip empty error messages
- Exclude FTP logs and bytes_log files from analysis
- Much cleaner output focused on actionable errors
- Answer: Access logs show 5xx errors (500-599), not 404s
- Complete security menu restructure (3-mode: Analysis/Actions/Live)
- Intelligent cPHulk enablement with CSF whitelist import
- Live network security monitoring dashboard
- Multi-source threat detection and classification
- 50+ organized security tools across 4-level menu hierarchy
- System health diagnostics with cPanel/WHM integration
- Reference database for cross-module intelligence sharing
cschantz