Solved

what is eating up my centos VPS bandwidth

Posted on 2013-06-24
4
776 Views
Last Modified: 2013-06-29
Hi experts
I have  a VPS that running CentOS 5.4 32 bit .. kloxo  control panel .. got only one site with very few traffic .
I was using that VPS for more than 2 years  with no problem
this month I got this message  from SolusVM Admin
 
"We are sending you this email because you have exceeded  more than 90% of your bandwidth allocation on the virtual server listed below:"


Based on kloxo my usage still very little ,, but SolusVM  has different say .

What I want :- a step by step solution to identify what could be eating my bandwidth and how to stop it .. ( I'm afraid my VPS could be hacked ... )
Many thanks
0
Comment
Question by:honestman31
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39271324
Hi...

Do you have "iftop" installed, or can you install it on your VPS?

This will allow you to monitor what is eating your bandwidth

either as root, or a user with the necessary rights run:

iftop

Open in new window


Or with a filter:

iftop -f icmp

Open in new window


This way you get to see if some process or program is connecting somewhere that shouldn't.

Besides that, check all your logs for any irregularities ... Things that shouldn't be there.

- Check for failed logins in /var/log/messages
- Are there any new and unknown users created?
- When you use "top" are there any processes that you don't recognise?
- Check if any new programs were installed (rpm -Va).
0
 
LVL 10

Author Comment

by:honestman31
ID: 39271599
Hi spravtek,
iftop  not installed ,,
tried yum install iftop  but did not work  ,, ( how to install it )

attached is what I see when use top ..
top.jpg
0
 
LVL 10

Accepted Solution

by:
honestman31 earned 0 total points
ID: 39272050
just now i know the reason ,
my VPS got suspended and i got this message

"DNS Servers on your network are being used in DNS Amplification Attack's Worldwide."

So it is
DNS Amplification Attack's

Thanks for trying to help
0
 
LVL 10

Author Closing Comment

by:honestman31
ID: 39286391
was a DNS Amplification Attack's
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Building small business network 4 121
Identify bottom to remote server 2 76
Windows Server: configure snmp security to accept subnet 7 43
Server 2016 FTP 5 23
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question