Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Bandwidth spikes, can't trace

Discussion in 'General Discussion' started by Secret Agent, Jan 18, 2006.

  1. Secret Agent

    Secret Agent Guest

    I am having a hard time tracing this server's bandwidth spikes.

    I found udp files in /tmp and removed them. That solved the problem. The partition is already secured with /scripts/securetmp as well.

    I am just not able to trace anything else. Can someone explain the best procedures to trace bandwidth spikes (low cpu usage constant during spikes)

    Please see attachment. I found udp.txt again in /tmp somehow.

    This is after I removed the file earlier, changed ssh port, disabled all accounts (about 10 total) any shell access, disabled (already was) direct root access and literally about 15 other security steps including apf, bfd, etc.

    This is the /etc/fstab also

    LABEL=/                 /                       ext3    defaults,usrquota        1 1
    LABEL=/boot             /boot                   ext3    defaults        1 2
    LABEL=/backup           /backup                 ext3    defaults        1 2
    none                    /dev/pts                devpts  gid=5,mode=620  0 0
    none                    /proc                   proc    defaults        0 0
    none                    /dev/shm                tmpfs   rw,noexec,nosuid,nodev        0 0
    /dev/sda2               swap                    swap    defaults        0 0
    /dev/cdrom              /mnt/cdrom              udf,iso9660 noauto,owner,kudzu,ro 0 0
    /dev/fd0                /mnt/floppy             auto    noauto,owner,kudzu 0 0

    Attached Files:

    • udp.txt
      File size:
      1.1 KB
    #1 Secret Agent, Jan 18, 2006
    Last edited by a moderator: Jan 18, 2006
  2. Secret Agent

    Secret Agent Guest

    Can someone kindly help me here? I found it again, removed it and the bandwidth is still high
  3. HolyCow

    HolyCow Registered

    Dec 19, 2004
    Likes Received:
    Trophy Points:
    i seen this happen from a outdated phpBB forum

    Theres a exploit that allows them to wrie to the /tmp path... the script you posted was a flood script to attack other users.

    My recommendation is just patch and update all installations of phpBB on your server.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice