The Community Forums


Having an IP spam problem

Discussion in 'General Discussion' started by epropnet, Nov 16, 2007.

  1. epropnet (Member)

    Joined: Apr 28, 2007 | Messages: 7 | Likes Received: 0 | Trophy Points: 1

    Hi,

    I received an account from my host telling me that I used 5040GB on a reseller cPanel/WHM account. When I asked them, they told me the following:

    1) This bandwidth cannot be traced through WHM/cPanel as the site was targeted via the IP
    2) I only had WordPress 2.2.2 installed via Fantastico with only 1 post on it, and the total bandwidth used for my complete reseller account in WHM shows just below 600mb for this month
    3) I have asked them for logs to prove this and am still waiting
    4) They also said it was WordPress causing this problem???

    I also need to know the following:

    1) As I have an account that is set to a 200gb bandwidth limit, how is it possible for the bandwidth to go over and up to 5040gb (5TB)?
    2) Surely the access to the ip can be controlled?

    Any help regarding this matter would be appreciated.
     
  2. cPanelDavidG (Technical Product Specialist)

    Joined: Nov 29, 2006 | Messages: 11,279 | Likes Received: 8 | Trophy Points: 38 | Location: Houston, TX | cPanel Access Level: Root Administrator

    That seems weird, because if the traffic is to WordPress (which is HTTP, rather than mail or some other service), all bandwidth should be recorded in the cPanel and WHM interfaces. Once you went over your 200gb limit, if such a limit was set for your account within cPanel, your account should have been suspended automatically in at most 24 hours. Even with using obscure functionality like WordPress scanning a mail account for content to use for new blog posts, that's done locally and no bandwidth is actually consumed (assuming such a thing was set up to access localhost, which I believe is the default). Only thing I could think of is a WordPress plugin fetching data from remote servers, though 5 TB is kinda over the top even for something like that.

    I have "my own" IP for hosting and yes, IP spam is a real pain. However, that bandwidth does show up in my account and such requests are logged. Only thing I can think of is perhaps accessing via IP/~username since that definitely doesn't register bandwidth and isn't logged to the user account (but the main Apache logs will pick that up). Though, that can be prevented by implementing the userdir tweak in WHM. Additionally, I haven't found IP spam that uses that flaw - they tend to be scanning the IP for things that are known to be vulnerable like WordPress 2.1, PHP-Nuke etc. (good old fashioned script kiddie types).

    I know SysAdmins like playing the "*insert popular PHP script here* did it" game. WordPress 2.2.2 isn't terribly bad with security (nothing like 2.1 was for sure), but it probably would be a good idea to upgrade to 2.3.1 when things settle down :). And if you are getting decent traffic, you might want to be nice to the SysAdmin and install wp-cache for WordPress or even use Drupal.
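
An added example, not part of the original thread: the reply above notes that `IP/~username` requests are not counted against the account but do appear in the main Apache logs, so this sketch totals response bytes for such requests per account and per client. It assumes Apache common/combined log format; the log lines, IP addresses and account names are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined prefix: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# A userdir request path starts with /~username
USERDIR_RE = re.compile(r'^/~([A-Za-z0-9_.-]+)(?:/|$)')

# Constructed sample lines (documentation IP ranges, hypothetical account names).
SAMPLE_LOG = """\
198.51.100.7 - - [14/Nov/2007:10:01:02 +0000] "GET /~exampleuser/wp-content/big.zip HTTP/1.1" 200 52428800
198.51.100.7 - - [14/Nov/2007:10:01:09 +0000] "GET /~exampleuser/wp-content/big.zip HTTP/1.1" 200 52428800
203.0.113.9 - - [14/Nov/2007:10:02:00 +0000] "GET /~otheruser/index.php HTTP/1.0" 200 4096
203.0.113.9 - - [14/Nov/2007:10:02:01 +0000] "GET /index.html HTTP/1.1" 304 -
203.0.113.9 - - [14/Nov/2007:10:02:05 +0000] "GET /~exampleuser HTTP/1.1" 301 312
this line is malformed and must be skipped
"""

def userdir_bandwidth(lines):
    """Return (bytes per ~username, bytes per (username, client), skipped lines)."""
    per_user, per_client, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            if line.strip():
                skipped += 1      # unparseable line: count it, don't guess
            continue
        u = USERDIR_RE.match(m.group("path"))
        if not u:
            continue              # ordinary vhost request, already accounted
        # The bytes field is the response body size; "-" means no body was sent.
        sent = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
        per_user[u.group(1)] += sent
        per_client[(u.group(1), m.group("host"))] += sent
    return per_user, per_client, skipped

if __name__ == "__main__":
    users, clients, bad = userdir_bandwidth(SAMPLE_LOG.splitlines())
    for name, total in users.most_common():
        print(f"~{name}: {total / 1024**2:.1f} MiB via userdir URLs")
    for (name, ip), total in clients.most_common(3):
        print(f"  {ip} -> ~{name}: {total} bytes")
    print(f"skipped {bad} unparseable line(s)")
```

Large per-account totals here, set against a small figure in the cPanel bandwidth view, would point at the userdir path as the unaccounted traffic.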
     
  3. epropnet (Member)

    Joined: Apr 28, 2007 | Messages: 7 | Likes Received: 0 | Trophy Points: 1

    Hi,
    Could WP 2.2.1 have been the cause of this problem?

    Also, I would like to know, please: as I only have a reseller account and not a dedicated server, is it my responsibility to ensure security issues on the IP addresses, and if so, how am I supposed to do that?

    Thanks for your help
     