The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How do I find total server bandwidth info ?

Discussion in 'General Discussion' started by 4u123, Jan 8, 2007.

  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Hi,

    An account was hacked yesterday afternoon and they uploaded some bots and stuff to the users images folder and a cmdtmp file to /tmp the server was taken offline by the DC because of excessive bandwidth usage. It looks they used one of the scripts to initiate a DOS attack against another host.

    I dont need any advice on securing the server - my question is about bandwidth.

    The WHM bandwidth usage stats say that the server has only used 10GB. How do I find out exactly how much bandwidth usage the server has used so I can compare it to what the DC claims to be the usage ? (I've never been in this position before so Ive never needed to know how to do this until now)

    They seem to think that we have used up our entire bandwidth allocation for our 35 servers in one night, just with that incident - which I am very dubious about.
     
    #1 4u123, Jan 8, 2007
    Last edited: Jan 8, 2007
  2. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    I believe you will pretty much be at the mercy of the DC. Whm will be your only offering for bandwidth "guess". Of course this is all meaningless if you been hacked as anything can and may have been modified.

    all the bandwidth for 35 servers in one night? that would have raised an alarm in their network unless your servers are small vps accounts or very small bandwidth allocations. How much traffic are you talking about here?
     
  3. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    The DC havent told me yet what the usage was but they indicated that the server was pumping out 100 Mbits constantly.

    I'd argue that they should have procedures in place for sudden spikes like that - it should be down to them to put systems in that warn when a server suddently starts using 100 times its usual bandwidth.

    After all - on servers that are not rigidly maintained - its not unusual for PHP sites to get hacked these days and in most cases its common for these irc bot / dos attack scripts to be uploaded to the server when it happens. If the DC cant identify sudden massive changes in usage then I think its going to cost alot of people alot of money.

    The DC said this....

    "Unfortuantly all this traffic has pushed you over your bandwidth allowance for all servers which means our providers will hit us with a bandwidth overage charge which we will have to pass on to you. I will send over the stats in an email to you later.
    "

    I've been running cpanel servers for 4 years and I've never had this problem before on this scale.
     
  4. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    They should be able to provide you with a switch graph or some type of visual of the usage using something like MRTG
     
Loading...

Share This Page