big consumption of bandwith by a user, spammer? help!!

jhio

Member
Nov 3, 2005
6
0
151
Hi, first of all excuse my poor english... This is my problem, recently an account that usually consum 1-2 gb of bandwhidth is consuming 17 gb in 5 days! . I have talk with the client and he is not doing spam (and i believe him) and also i have checked his stats and his web logs is not recieving that amount of visits... I have checked /var/cpanel/bandwidth and this is the log

11.2.2007-all=3218126416
11.2.2007-http=633796
11.2.2007-imap=9166792
11.2.2007-pop3=3208294469
11.2.2007-smtp=31359

this amount is in kb, kB, MB? the pop3 is very big? Whm is showing 17.8 GB...
what can i do? is it a spammer that has gained acces to that account?

In the tweak settings in whm i have set:
The maximum each domain can send out per hour (0 is unlimited): 100
Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.) checked

Also i have upgraded whm and cpanel to the last release version.
What can i do? I'm new in this...

Thanks in advance
 

boatdesign

Well-Known Member
Sep 13, 2003
158
0
166
I don't know the answer, but maybe is pop3 measuring incoming email that is being discarded by spam filters but still counted? Maybe the result of a joejob, etc?
 

dcdigital

Member
Nov 7, 2003
23
0
151
Boston
We're seeing similar activities on our servers for the past few days! :( This is pretty frustrating as so far we've not seen anything in the logs to indicate that we have a spammer on the server.

We're still watching logs. It looks like our biggest peak in activity is around 6am (CST), so we're going to try to be more vigilant in watching during that time period to see whos' accessing what.