How do I find total server bandwidth info ?

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
939
22
168
Hi,

An account was hacked yesterday afternoon and they uploaded some bots and stuff to the users images folder and a cmdtmp file to /tmp the server was taken offline by the DC because of excessive bandwidth usage. It looks they used one of the scripts to initiate a DOS attack against another host.

I dont need any advice on securing the server - my question is about bandwidth.

The WHM bandwidth usage stats say that the server has only used 10GB. How do I find out exactly how much bandwidth usage the server has used so I can compare it to what the DC claims to be the usage ? (I've never been in this position before so Ive never needed to know how to do this until now)

They seem to think that we have used up our entire bandwidth allocation for our 35 servers in one night, just with that incident - which I am very dubious about.
 
Last edited:

jayh38

Well-Known Member
Mar 3, 2006
1,212
0
166
I believe you will pretty much be at the mercy of the DC. Whm will be your only offering for bandwidth "guess". Of course this is all meaningless if you been hacked as anything can and may have been modified.

all the bandwidth for 35 servers in one night? that would have raised an alarm in their network unless your servers are small vps accounts or very small bandwidth allocations. How much traffic are you talking about here?
 

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
939
22
168
The DC havent told me yet what the usage was but they indicated that the server was pumping out 100 Mbits constantly.

I'd argue that they should have procedures in place for sudden spikes like that - it should be down to them to put systems in that warn when a server suddently starts using 100 times its usual bandwidth.

After all - on servers that are not rigidly maintained - its not unusual for PHP sites to get hacked these days and in most cases its common for these irc bot / dos attack scripts to be uploaded to the server when it happens. If the DC cant identify sudden massive changes in usage then I think its going to cost alot of people alot of money.

The DC said this....

"Unfortuantly all this traffic has pushed you over your bandwidth allowance for all servers which means our providers will hit us with a bandwidth overage charge which we will have to pass on to you. I will send over the stats in an email to you later.
"

I've been running cpanel servers for 4 years and I've never had this problem before on this scale.