Currently your messages log is filling up with errors and the system is unstable. Check the message log:

$ server# tail -f /var/log/messages
Jul 28 08:57:30 mail kernel: EXT4-fs warning (device sda3): ext4_dx_add_entry: Directory index full!

Check the sessions directory

 $ server# php -i | grep session.save_path
session.save_path => /var/lib/php/session => /var/lib/php/session

$ server# du -shcx /var/lib/php/session
1000.0M    /var/lib/php/session
1000.0M    total

A cron job similar to the following ran every day, or periodically, should prevent those files from accumulating.


# find /var/lib/php/session -type d -mtime -15 -delete

Manually

# find /var/lib/php/session -depth -mindepth 1 -maxdepth 1 -type f -cmin +120 -delete;

Clamav-cron
Summary:
This is a simple Bash script for those who want to schedule the following tasks via cron:
Source: https://code.google.com/p/clamav-cron/

update the ClamAV virus database (freshclam);
perform personal system scan (clamscan);
send a brief report via e-mail;
without any knowledge about ClamAV configuration files (such as clamd.conf or freshclam.conf) and without running the ClamAV daemon. You just have to configure the e-mail address(es) that will receive the report.

Dependencies:

To succesfilly run clamav-cron the following dependencies needs to be satisfied:

the ClamAV engine (look at ClamAV download center);
a mail server like Sendmail;
How to use:
Download clamav-cron somewhere like /usr/local/bin/ and give it execute permission:


wget http://clamav-cron.googlecode.com/files/clamav-cron-0.6 -O /usr/local/bin/clamav-cron


chmod 755 /usr/local/bin/clamav-cron

Simply open the clamav-cron script with your editor and edit the “User configuration” section following the instructions;
schedule the clamav-cron script via Cron in the preferred way. For example, you can install the clamav-cron in the crontab typing crontab -e from the user shell and entering a line like this:


45 23 * * 6 /usr/local/bin/clamav-cron /home

Cron will run clamav-cron every Saturday at 23:45 (11:45 pm) to recursevly scan the whole /home tree. At the end of task it will send a notification e-mail to the users specified at point 2. For more crontab option type man 5 crontab.

Basically,


$ rsync options source destination

Synchronize Files From Local to Remote (Plesk to cPanel)


$ rsync -avz /var/www/vhosts/domain.com/httpdocs/ sshuser@192.168.200.99:/home/user/public_html/

Synchronize Files From Remote to Local )cPanel to Plesk)


$ rsync -avz sshuser@198.50.162.99:/home/username/public_html/ /var/www/vhosts/domain.com/httpdocs/

Here is a short summary of the options available in rsync. Please refer to the detailed description below for a complete description.

-v, –verbose increase verbosity
-q, –quiet suppress non-error messages
–no-motd suppress daemon-mode MOTD (see caveat)
-c, –checksum skip based on checksum, not mod-time & size
-a, –archive archive mode; equals -rlptgoD (no -H,-A,-X)
–no-OPTION turn off an implied OPTION (e.g. –no-D)
-r, –recursive recurse into directories
-R, –relative use relative path names
–no-implied-dirs don’t send implied dirs with –relative
-b, –backup make backups (see –suffix & –backup-dir)
–backup-dir=DIR make backups into hierarchy based in DIR
–suffix=SUFFIX backup suffix (default ~ w/o –backup-dir)
-u, –update skip files that are newer on the receiver
–inplace update destination files in-place
–append append data onto shorter files
–append-verify –append w/old data in file checksum
-d, –dirs transfer directories without recursing
-l, –links copy symlinks as symlinks
-L, –copy-links transform symlink into referent file/dir
–copy-unsafe-links only “unsafe” symlinks are transformed
–safe-links ignore symlinks that point outside the tree
-k, –copy-dirlinks transform symlink to dir into referent dir
-K, –keep-dirlinks treat symlinked dir on receiver as dir
-H, –hard-links preserve hard links
-p, –perms preserve permissions
-E, –executability preserve executability
–chmod=CHMOD affect file and/or directory permissions
-A, –acls preserve ACLs (implies -p)
-X, –xattrs preserve extended attributes
-o, –owner preserve owner (super-user only)
-g, –group preserve group
–devices preserve device files (super-user only)
–specials preserve special files
-D same as –devices –specials
-t, –times preserve modification times
-O, –omit-dir-times omit directories from –times
–super receiver attempts super-user activities
–fake-super store/recover privileged attrs using xattrs
-S, –sparse handle sparse files efficiently
-n, –dry-run perform a trial run with no changes made
-W, –whole-file copy files whole (w/o delta-xfer algorithm)
-x, –one-file-system don’t cross filesystem boundaries
-B, –block-size=SIZE force a fixed checksum block-size
-e, –rsh=COMMAND specify the remote shell to use
–rsync-path=PROGRAM specify the rsync to run on remote machine
–existing skip creating new files on receiver
–ignore-existing skip updating files that exist on receiver
–remove-source-files sender removes synchronized files (non-dir)
–del an alias for –delete-during
–delete delete extraneous files from dest dirs
–delete-before receiver deletes before transfer (default)
–delete-during receiver deletes during xfer, not before
–delete-delay find deletions during, delete after
–delete-after receiver deletes after transfer, not before
–delete-excluded also delete excluded files from dest dirs
–ignore-errors delete even if there are I/O errors
–force force deletion of dirs even if not empty
–max-delete=NUM don’t delete more than NUM files
–max-size=SIZE don’t transfer any file larger than SIZE
–min-size=SIZE don’t transfer any file smaller than SIZE
–partial keep partially transferred files
–partial-dir=DIR put a partially transferred file into DIR
–delay-updates put all updated files into place at end
-m, –prune-empty-dirs prune empty directory chains from file-list
–numeric-ids don’t map uid/gid values by user/group name
–timeout=SECONDS set I/O timeout in seconds
–contimeout=SECONDS set daemon connection timeout in seconds
-I, –ignore-times don’t skip files that match size and time
–size-only skip files that match in size
–modify-window=NUM compare mod-times with reduced accuracy
-T, –temp-dir=DIR create temporary files in directory DIR
-y, –fuzzy find similar file for basis if no dest file
–compare-dest=DIR also compare received files relative to DIR
–copy-dest=DIR … and include copies of unchanged files
–link-dest=DIR hardlink to files in DIR when unchanged
-z, –compress compress file data during the transfer
–compress-level=NUM explicitly set compression level
–skip-compress=LIST skip compressing files with suffix in LIST
-C, –cvs-exclude auto-ignore files in the same way CVS does
-f, –filter=RULE add a file-filtering RULE
-F same as –filter=’dir-merge /.rsync-filter’
repeated: –filter=’- .rsync-filter’
–exclude=PATTERN exclude files matching PATTERN
–exclude-from=FILE read exclude patterns from FILE
–include=PATTERN don’t exclude files matching PATTERN
–include-from=FILE read include patterns from FILE
–files-from=FILE read list of source-file names from FILE
-0, –from0 all *from/filter files are delimited by 0s
-s, –protect-args no space-splitting; wildcard chars only
–address=ADDRESS bind address for outgoing socket to daemon
–port=PORT specify double-colon alternate port number
–sockopts=OPTIONS specify custom TCP options
–blocking-io use blocking I/O for the remote shell
–stats give some file-transfer stats
-8, –8-bit-output leave high-bit chars unescaped in output
-h, –human-readable output numbers in a human-readable format
–progress show progress during transfer
-P same as –partial –progress
-i, –itemize-changes output a change-summary for all updates
–out-format=FORMAT output updates using the specified FORMAT
–log-file=FILE log what we’re doing to the specified FILE
–log-file-format=FMT log updates using the specified FMT
–password-file=FILE read daemon-access password from FILE
–list-only list the files instead of copying them
–bwlimit=KBPS limit I/O bandwidth; KBytes per second
–write-batch=FILE write a batched update to FILE
–only-write-batch=FILE like –write-batch but w/o updating dest
–read-batch=FILE read a batched update from FILE
–protocol=NUM force an older protocol version to be used
–iconv=CONVERT_SPEC request charset conversion of filenames
–checksum-seed=NUM set block/file checksum seed (advanced)
-4, –ipv4 prefer IPv4
-6, –ipv6 prefer IPv6
–version print version number
(-h) –help show this help (see below for -h comment)

To stop Spam:

drop SMTP on port 25, 465 and 587 to prevent further spam from being sent out by running the following commands:


# /sbin/iptables -A INPUT -p tcp --dport 25 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 25 -j DROP
# /sbin/iptables -A INPUT -p tcp --dport 465 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 465 -j DROP
# /sbin/iptables -A INPUT -p tcp --dport 587 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 587 -j DROP

Restart:

# service iptables restart

Block an IP accessing the site:

# iptables -A INPUT -s 80.35.xx.xxx -j DROP

Restart:

# service iptables restart

After that – check the cpnael access logs for the domain and see that there is a 403 Error:

# tail -f /usr/local/apache/domlogs/gamedayboston.com

80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

Issue

Error with restarting SSHD in WHM. Verified the error, but SSHD appears to restart and take changes anyways even though the error is reported by WHM. Restarted SSHD from SSH does not show any errors and there is nothing in the logs about any errors with SSHD.

Fix

The issue here is that SSH is running on a non-standard port (3333). WHM/Cpanel doesn’t support non-standard ports in WHM.