Solved

what is eating up my centos VPS bandwidth

Posted on 2013-06-24
4
768 Views
Last Modified: 2013-06-29
Hi experts
I have  a VPS that running CentOS 5.4 32 bit .. kloxo  control panel .. got only one site with very few traffic .
I was using that VPS for more than 2 years  with no problem
this month I got this message  from SolusVM Admin
 
"We are sending you this email because you have exceeded  more than 90% of your bandwidth allocation on the virtual server listed below:"


Based on kloxo my usage still very little ,, but SolusVM  has different say .

What I want :- a step by step solution to identify what could be eating my bandwidth and how to stop it .. ( I'm afraid my VPS could be hacked ... )
Many thanks
0
Comment
Question by:honestman31
  • 3
4 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39271324
Hi...

Do you have "iftop" installed, or can you install it on your VPS?

This will allow you to monitor what is eating your bandwidth

either as root, or a user with the necessary rights run:

iftop

Open in new window


Or with a filter:

iftop -f icmp

Open in new window


This way you get to see if some process or program is connecting somewhere that shouldn't.

Besides that, check all your logs for any irregularities ... Things that shouldn't be there.

- Check for failed logins in /var/log/messages
- Are there any new and unknown users created?
- When you use "top" are there any processes that you don't recognise?
- Check if any new programs were installed (rpm -Va).
0
 
LVL 10

Author Comment

by:honestman31
ID: 39271599
Hi spravtek,
iftop  not installed ,,
tried yum install iftop  but did not work  ,, ( how to install it )

attached is what I see when use top ..
top.jpg
0
 
LVL 10

Accepted Solution

by:
honestman31 earned 0 total points
ID: 39272050
just now i know the reason ,
my VPS got suspended and i got this message

"DNS Servers on your network are being used in DNS Amplification Attack's Worldwide."

So it is
DNS Amplification Attack's

Thanks for trying to help
0
 
LVL 10

Author Closing Comment

by:honestman31
ID: 39286391
was a DNS Amplification Attack's
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them. Similar to ha…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question