The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

in bandwidth consumed hell lot!

Discussion in 'General Discussion' started by mike_r, Dec 27, 2004.

  1. mike_r

    mike_r Well-Known Member

    Joined:
    Nov 26, 2002
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    I always checked my whm and the bandwidth usage was just 90 gb and I wasnt worried. But today after a long time, I checked the bandmin and found the bandwidth usage is 649.204264 GB.


    Total In: 472.045099
    Total Out: 175.837403

    How can I find out who did consume that lot of in bandwidth? Is there any way.. Please let me know...

    I think it must be from some php script or something like that..

    Thanks
     
  2. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    You didn't say what your usual in/out bandwidth was... but I'm guessing you had, or are having, a DOS/DDOS attack. Otherwise someone is uploading a lot of data to your server.

    It would be kinda hard to track that bandwidth usage too... if it was outside the few areas that are measured by WHM.

    You might also try looking for programs that are using fair amounts of cpu time. WHM can help you a bit there.
     
  3. mike_r

    mike_r Well-Known Member

    Joined:
    Nov 26, 2002
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    WHM just shows the mysql, httpd and a popular site in the top usage so i cant find anything from there :( ... No one is uploading data because FTP stats are counted by cpanel. And I have checked the server space is same..

    thanks for the reply..

    How can i find out if its a DoS attack??? Is it possible for a DoS attack to consume INCOMING bandwidth??? (its already 503.9 GB now :( )

    Any more ideas :( ..
     
    #3 mike_r, Dec 28, 2004
    Last edited: Dec 28, 2004
  4. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    Yes, a DOS or DDOS attack is data sent to your server to try to overload and jam up your bandwidth 'pipe', so that nothing else can get in or out. Does your server seem to be runing slowly?

    what does
    Code:
    netstat -n
    say?

    Also check the Apache status in WHM. And the CPU/Memory/MYSQL Usage.
     
  5. mike_r

    mike_r Well-Known Member

    Joined:
    Nov 26, 2002
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Well, It isn't a dos attack because very less connections are established and the load was and is normal.

    The load is normal!!! 0.30 - 0.70 ...

    It might be a bot or a site?

    Thanks for your ideas...
     
  6. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    Have you already gone through all the cpanel/WHM bandwidth logs to make sure it wasn't a site on your server?

    There's the bandwidth graph in WHM, and also Bandmin as well (though that won't necessarily tell you the user, it can help narrow it down).
     
  7. Promethyl

    Promethyl Well-Known Member

    Joined:
    Mar 27, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    There's not spam coming out of your server, eh?

    You may have gotten nailed by make love not spam... but ...
     
  8. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    Can't say for sure about whether or not he's sending spam... but MLNS was shut down several weeks before he posted about this.
     
  9. Promethyl

    Promethyl Well-Known Member

    Joined:
    Mar 27, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Welp, it was worth a shot. Perhaps install MTRG (or monitor it if you have it) and see if you cant pinpoint the traffic that way.
     
  10. Sabaote

    Sabaote Well-Known Member

    Joined:
    Dec 19, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Ribeirao Preto, Brazil
    if you have Backup enabled, look into your backup dir and locate the Bigger backup that you have..

    So look into this /home/ACCOUNT
    try a du -h

    And if someone is uploading big files to you server in this account you'll know..


    After, if you find something strange like a lot of .AVI files or something else, you'll probably have a problem with Php Shell...

    try to disable some functions in php.ini


    bye
     
Loading...

Share This Page