Solved

what is eating up my centos VPS bandwidth

Posted on 2013-06-24
4
781 Views
Last Modified: 2013-06-29
Hi experts
I have  a VPS that running CentOS 5.4 32 bit .. kloxo  control panel .. got only one site with very few traffic .
I was using that VPS for more than 2 years  with no problem
this month I got this message  from SolusVM Admin
 
"We are sending you this email because you have exceeded  more than 90% of your bandwidth allocation on the virtual server listed below:"


Based on kloxo my usage still very little ,, but SolusVM  has different say .

What I want :- a step by step solution to identify what could be eating my bandwidth and how to stop it .. ( I'm afraid my VPS could be hacked ... )
Many thanks
0
Comment
Question by:honestman31
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39271324
Hi...

Do you have "iftop" installed, or can you install it on your VPS?

This will allow you to monitor what is eating your bandwidth

either as root, or a user with the necessary rights run:

iftop

Open in new window


Or with a filter:

iftop -f icmp

Open in new window


This way you get to see if some process or program is connecting somewhere that shouldn't.

Besides that, check all your logs for any irregularities ... Things that shouldn't be there.

- Check for failed logins in /var/log/messages
- Are there any new and unknown users created?
- When you use "top" are there any processes that you don't recognise?
- Check if any new programs were installed (rpm -Va).
0
 
LVL 10

Author Comment

by:honestman31
ID: 39271599
Hi spravtek,
iftop  not installed ,,
tried yum install iftop  but did not work  ,, ( how to install it )

attached is what I see when use top ..
top.jpg
0
 
LVL 10

Accepted Solution

by:
honestman31 earned 0 total points
ID: 39272050
just now i know the reason ,
my VPS got suspended and i got this message

"DNS Servers on your network are being used in DNS Amplification Attack's Worldwide."

So it is
DNS Amplification Attack's

Thanks for trying to help
0
 
LVL 10

Author Closing Comment

by:honestman31
ID: 39286391
was a DNS Amplification Attack's
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question