Alvin Rebulado

Registered
Oct 1, 2012
2
0
1
Sydney, Australia, Australia
cPanel Access Level
Root Administrator
Hey Guys,

I have used a huge amount of bandwidth in our colocation for some reason. I stop all the other non-cpanel servers and still eating a lot. We suspect that the cpanel servers have been compromised. I found the below from my logs. Can anyone tell me if this is related?

--------------------- SSHD Begin ------------------------

Failed logins from:
203.144.225.138 (203-144-225-138.static.asianet.co.th): 81 times
203.240.225.12: 1081 times
219.235.240.39: 4 times
Illegal users from:
203.144.225.138 (203-144-225-138.static.asianet.co.th): 4 times
203.240.225.12: 438 times
Received disconnect:
11: Bye Bye : 1604 Time(s)

Thanks

Alvin
 

Sannin

Active Member
May 19, 2011
34
0
56
I can' t say about the used bandwidth but from the log you posted, i can tell that someone is bruteforcing your sshd server. So i guess you don' t have a firewall. I suggest you install csf as soon as possible.
 

pwhjenny

Well-Known Member
Aug 31, 2012
138
0
91
cPanel Access Level
Root Administrator
Did you confirm your domain getting organic traffic that may be reason your bandwidth usage is high. I will check server access logs and detect wheter it is bot or any other thing using high bandwidth. Make sure you install firewall as well as block unwanted bots.
 

arunsv84

Well-Known Member
Oct 20, 2008
372
1
68
127.0.0.1
cPanel Access Level
Root Administrator
Hi,

Use a network monitoring tool like IPTraf. Recently I was able to find the culprit by using this tool. You can also use the top command to see if some particular script is executing and causing bandwidth usage.

Project Home Page :- IPTraf - An IP Network Monitor

Cheers!!!