
Bandwidth Being Stolen. Help?

Discussion in 'General Discussion' started by maverick, Jul 11, 2003.

Thread Status:
Not open for further replies.
  1. maverick

    maverick Well-Known Member

    Hi,

    We had 10x the usual bandwidth being used for the last couple of days according to bandmin. Is there a logfile which would list the origin of this activity? If so, can anyone suggest where I should start looking? The usage does not appear in WHM, so presumably the bandwidth is being leeched through an alternative port. Can anyone help suggest the procedure I should go through to figure out where this usage came from and how I can block it in the future?

    Interestingly, according to bandmin, the usage was derived equally from 4 different IPs (3 of these IPs have only 1 account on each of them). Upstream and downstream usage was roughly equal.

    There seem to be no indications of the security of the server itself having been compromised. It's like somehow my IP addresses were being used as a gateway?

    Any advice on where I start solving this problem would be much appreciated.

    Thanks.
    Mav.

  2. maverick

    maverick Well-Known Member

    Well, I never really found a solution to this problem. It looks like I'll just have to live with the fat bill the datacenter will send me at the end of the month :(

    It did inspire me to go ahead and have the guts to install a firewall. After much reading, I decided to go with APF. Thankfully it was a cinch to install, and so far hasn't given any problems.

    My advice to anyone that doesn't have a firewall installed on their server, but has been thinking about getting one, would be to give it a whirl. It turned out to be easier than I thought it would and APF's friendly "test" install (where it runs for 5 minutes, then quits), is very reassuring for those less experienced in these matters.

    I don't know if my original problem could have been prevented if I'd had a firewall, but at least in having one, it rules out a whole bunch of possibilities.

    Mav.

  3. SoftmegUK

    SoftmegUK Well-Known Member

    Are you using proftpd or pure-ftpd? If you are using pure-ftpd, there is one place you have lost bandwidth, because it doesn't count bandwidth. If you want to count FTP bandwidth, use proftpd :)

  4. maverick

    maverick Well-Known Member

    No, I'm running ProFTPd.

    The fact that the leeching came through 4 different IPs all at once (and 3 of these IPs have only 1 account on them each; they use SSL), I think it was definitely some sort of hack, though I have no idea how or why this was done. The upstream and downstream data were almost identical - which was interesting too - made me wonder whether it was somehow being exploited as a gateway?? >60GB was used in about 24 hours.

    Mav.

  5. project3

    project3 Member

    This happened to me too

    I know what the issue here is: you need to stop users from using ip/~username, as this doesn't log bandwidth. I just got hit with $800 in overages in a week's time because of this.

    I have 8 servers with cPanel; this happened on just one. Now the NOC is going to disable all my servers because of not being able to pay the bandwidth now. I had no idea it was going on. Now it's pay the 800 for overages. 15minuteservers also has it so any user can assign IPs of the other users, then your server goes down. I had two servers down for over 24 hours and I still have to pay this overage. I don't make that much profit on a server for a month. So why should I have to pay overages because software I feel is safe, and pay lots for, is so buggy users can steal bandwidth at will?

    You have to edit httpd.conf to fix this issue.
     
  6. dave9000

    dave9000 Well-Known Member

    Why don't you read the docs and use the tweak security setting?

    mod_userdir Tweak: Apache's mod_userdir allows users to view their sites by entering a tilde (~) and their username as the URI on a specific host. For example, http://test.cpanel.net/~fred will bring up the user fred's domain. The disadvantage of this feature is that any bandwidth usage used by this site will be put on the domain it is accessed under (in this case test.cpanel.net). mod_userdir protection prevents this from happening. You may however want to disable it on specific virtual hosts (generally shared SSL hosts).

    There is nothing wrong with the cPanel software. It appears there was a failure on the server admin's part for not taking the steps to prevent this, which is easy to do.
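
Added example (not part of the original thread, and not cPanel's own code): a log check for the mod_userdir misattribution described above, summing the bytes served for `/~username` requests by the host they were charged to. It assumes Apache's "Common Log Format with Virtual Host" (`%v %h %l %u %t "%r" %>s %b`); the sample lines, host names and sizes are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines; assumed format: %v %h %l %u %t "%r" %>s %b
# Hosts, users, client IPs and byte counts are made up for illustration.
SAMPLE_LOG = """\
test.example.com 203.0.113.5 - - [10/Jul/2003:12:00:01 -0500] "GET /~fred/big.iso HTTP/1.1" 200 734003200
test.example.com 203.0.113.9 - - [10/Jul/2003:12:00:07 -0500] "GET /~fred/big.iso HTTP/1.1" 200 734003200
test.example.com 198.51.100.7 - - [10/Jul/2003:12:01:00 -0500] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 203.0.113.5 - - [10/Jul/2003:12:02:00 -0500] "GET /%7Ewilma/movie.avi HTTP/1.0" 200 104857600
192.0.2.10 203.0.113.5 - - [10/Jul/2003:12:02:30 -0500] "GET /~wilma/missing.avi HTTP/1.0" 404 -
fred.example.net 198.51.100.7 - - [10/Jul/2003:12:03:00 -0500] "GET /big.iso HTTP/1.1" 200 734003200
"""

LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
# A userdir request starts with /~user; the tilde may arrive URL-encoded as %7E.
USERDIR_RE = re.compile(r'^/(?:~|%7e)(?P<user>[^/?#]+)', re.IGNORECASE)

def userdir_bandwidth(log_text):
    """Sum response bytes for /~user requests, keyed by (host charged, user)."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not fit the assumed format
        u = USERDIR_RE.match(m.group("path"))
        if not u:
            continue  # ordinary request, already counted against its own domain
        sent = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
        totals[(m.group("vhost"), u.group("user"))] += sent
    return dict(totals)

def ranked(totals):
    """Largest misattributed totals first."""
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (vhost, user), sent in ranked(userdir_bandwidth(SAMPLE_LOG)):
        print(f"{sent:>12} bytes for user {user!r} charged to {vhost}")
```

Totals that land on the server hostname or a bare IP rather than on the user's own domain are the traffic that per-account bandwidth reports do not show.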
     
  7. chirpy

    chirpy Well-Known Member

    ...and this is a two year old thread that didn't need waking up :rolleyes:
     