To see how many requests a site is getting per minute during a particular hour (only minutes with more than 10 requests are listed), run
# Count requests per minute within one hour of the Apache access log and
# print only the minutes that received more than 10 requests.
#   grep           - keep lines containing the day and hour of interest
#   cut (twice)    - keep the text between the first "[" and the next "]",
#                    which is the timestamp in the common/combined log formats
#   awk -F:        - reduce that timestamp to HH:MM
#   sort | uniq -c - group identical HH:MM values and count them
#   awk            - drop minutes with 10 or fewer requests
# NOTE(review): the grep pattern is not anchored to the timestamp field, so a
# line whose request path, referer or user agent contains the same string is
# counted too; those fields are client-controlled, so treat the counts as a
# triage aid rather than an exact figure.
grep "12/Feb/2017:12:" /var/log/apache2/access.log |
  cut -d'[' -f2 |
  cut -d']' -f1 |
  awk -F: '{ print $2 ":" $3 }' |
  sort -nk1 -nk2 |
  uniq -c |
  awk '$1 > 10'
Example
root@ip-172-31-32-78:~# grep "12/Feb/2017:12:" /var/log/apache2/blog.hostonnet.com.log | cut -d[ -f2 | cut -d] -f1 | awk -F: '{print $2":"$3}' | sort -nk1 -nk2 | uniq -c | awk '{ if ($1 > 10) print $0}'
68 12:00
61 12:01
134 12:02
105 12:03
32 12:04
44 12:05
42 12:06
32 12:07
15 12:08
69 12:20
85 12:21
83 12:23
82 12:24
11 12:26
89 12:28
16 12:36
14 12:37
103 12:38
38 12:39
61 12:40
26 12:41
17 12:42
15 12:43
128 12:44
25 12:45
76 12:48
67 12:51
86 12:53
114 12:58
80 12:59
root@ip-172-31-32-78:~#