
SOLVED Bandwidth Problems

Discussion in 'Security' started by sweettea, Nov 28, 2016.

  1. sweettea

    sweettea Member

    Joined:
    Nov 28, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Website Owner
    I am a website owner. This past summer our bandwidth went from 1-2 GB of bandwidth to now 20GB of bandwidth. It seems to be climbing. Nothing as far as design has changed since January of this year.

    Now I am all for more traffic to my site, but this seems extreme. Our website designer apparently does not look into cPanel issues. His only response is, "Oh, more traffic? You need more bandwidth space."

    I am semi tech savvy so I looked into cPanel AWStats. I found an IP address that has increasingly used a lot of bandwidth. This month it is projected to use more than 7GB. This same IP address uses SQLMAP browser: according to cPanel's Latest Visitors, the questionable IP address's user agent is sqlmap/1.0-dev-nongit-20151007 (- Removed -). Something is terribly wrong with this but my web designer said "There is no spikes or robots or crazy activity." Also the "Dynamic PHP Script file" has used 7GB this month. Is that normal?

    Can someone help direct me on how I can pinpoint my issue? Something just doesn't look right.

    We are a small eCommerce business and over 20GB a month seems excessive.

     
    #1 sweettea, Nov 28, 2016
    Last edited by a moderator: Nov 29, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I recommend blocking that IP address if it's using up that much bandwidth. You can block the IP address manually via the account's .htaccess file or using IP Blocker within cPanel:

    IP Blocker - Documentation - cPanel Documentation

    Thank you.
     
  3. sweettea

    I have done that but what's stopping them from doing it again and again? Is there some way to monitor IP addresses that appear to be malicious?


     
  4. cPanelMichael

    The issue is better addressed with custom firewall rules or Mod_Security rules that block the user-agent. You may need to consider switching hosting providers if your current provider is unwilling to address the concern.

    Thank you.
     
  5. sweettea

    Can you expand on how to block user agents? After blocking this IP Address it came back today....same IP Address I denied. Obviously cPanel IP Denier is not working.
     


  6. cPanelMichael

  7. sweettea


    Thank you for your reply. Just to let you know I have zero experience with manipulating the htaccess file. I would hate to mess something up. Is it as simple as copy and paste? For me what would I put as the user agent for this bot? Thank you.
     
  8. cPanelMichael

    Could you post the contents of your .htaccess file as it exists now, ensuring to replace any real domain names or IP addresses with examples?

    Thank you.
     
  9. sweettea


    1. I cannot see htaccess file in "File Manager". I can only access it through the "Legacy File Manager". Is that a problem?

    2. There are two htaccess files. One is just .htaccess the other is .htaccesss-1404323084. Which do I edit? We have a mobile version of the website.

    3. What type of encoding do I use to edit?

    In the regular .htaccess file it reads:

    # Use PHP52 as default
    AddHandler application/x-httpd-php52 .php
    <IfModule mod_suphp.c>
    suPHP_ConfigPath /opt/php52/lib
    </IfModule>

    In the .htaccesss-1404323084 file it reads:

    # Use PHP54 as default
    AddHandler application/x-httpd-php54 .php
    <IfModule mod_suphp.c>
    suPHP_ConfigPath /opt/php54/lib
    </IfModule>

    The user agent on the bot is "sqlmap/1.0-dev-nongit-20151007 (sqlmap: automatic SQL injection and database takeover tool)"
     
  10. cPanelMichael

    In File Manager, you can utilize the "Settings" option in the upper-right hand section of the interface and enable the following option:

    Show Hidden Files (dotfiles)

    Use .htaccess. The other looks like a backup of an older version.

    Add lines such as this after the last line and then save the changes:

    Code:
    # Return 403 Forbidden for any request whose User-Agent contains "sqlmap" (case-insensitive)
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} sqlmap [NC]
    RewriteRule ^ - [F,L]

    Thank you.
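
The monitoring question raised earlier in the thread, as an added example that is not part of the original posts or of cPanel's tooling: a Python script that totals bytes served per IP from Apache combined-format access log lines, flags user agents containing `sqlmap`, and counts 403 responses so you can tell whether a deny rule is taking effect. The log lines and IP addresses are constructed samples, and it assumes you have a copy of the site's raw access log.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field; Apache escapes embedded quotes as \"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + '$'
)
# Lower-case substrings of scanner user agents to flag; "sqlmap" is the one from this thread.
SCANNER_AGENTS = ("sqlmap",)

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [28/Nov/2016:10:00:01 -0500] "GET /product.php?id=1 HTTP/1.1" 200 48211 "-" "sqlmap/1.0-dev-nongit-20151007"
203.0.113.7 - - [28/Nov/2016:10:00:02 -0500] "GET /product.php?id=2 HTTP/1.1" 200 51002 "-" "sqlmap/1.0-dev-nongit-20151007"
203.0.113.7 - - [29/Nov/2016:09:15:40 -0500] "GET /product.php?id=3 HTTP/1.1" 403 199 "-" "sqlmap/1.0-dev-nongit-20151007"
198.51.100.20 - - [28/Nov/2016:10:05:59 -0500] "GET /index.php HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
198.51.100.20 - - [28/Nov/2016:10:06:00 -0500] "GET /style.css HTTP/1.1" 304 - "-" "Mozilla/5.0"
'''

def summarize(log_text):
    """Return {ip: {"bytes", "hits", "denied", "scanner"}} for every parseable line."""
    stats = defaultdict(lambda: {"bytes": 0, "hits": 0, "denied": 0, "scanner": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        ip, _request, status, size, _referer, agent = m.groups()
        entry = stats[ip]
        entry["hits"] += 1
        entry["bytes"] += 0 if size == "-" else int(size)
        # A denied request is still logged, but with status 403 and a small body.
        entry["denied"] += int(status == "403")
        if any(s in agent.lower() for s in SCANNER_AGENTS):
            entry["scanner"] = True
    return dict(stats)

def report(stats):
    """Return (ip, stats) pairs sorted by bytes served, largest first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for ip, s in report(summarize(SAMPLE_LOG)):
        flag = "SCANNER-UA" if s["scanner"] else ""
        print(f'{ip:15} {s["bytes"]:>8} bytes {s["hits"]:>3} hits {s["denied"]:>3} denied {flag}')
```

An IP that keeps appearing after a block is not necessarily getting through: if its recent entries show status 403 and small byte counts, the rule is working and the bandwidth it consumes should drop accordingly.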
     