honestman31
asked on
what is eating up my centos VPS bandwidth
Hi experts
I have a VPS that running CentOS 5.4 32 bit .. kloxo control panel .. got only one site with very few traffic .
I was using that VPS for more than 2 years with no problem
this month I got this message from SolusVM Admin
"We are sending you this email because you have exceeded more than 90% of your bandwidth allocation on the virtual server listed below:"
Based on kloxo my usage still very little ,, but SolusVM has different say .
What I want :- a step by step solution to identify what could be eating my bandwidth and how to stop it .. ( I'm afraid my VPS could be hacked ... )
Many thanks
I have a VPS that running CentOS 5.4 32 bit .. kloxo control panel .. got only one site with very few traffic .
I was using that VPS for more than 2 years with no problem
this month I got this message from SolusVM Admin
"We are sending you this email because you have exceeded more than 90% of your bandwidth allocation on the virtual server listed below:"
Based on kloxo my usage still very little ,, but SolusVM has different say .
What I want :- a step by step solution to identify what could be eating my bandwidth and how to stop it .. ( I'm afraid my VPS could be hacked ... )
Many thanks
ASKER
Hi spravtek,
iftop not installed ,,
tried yum install iftop but did not work ,, ( how to install it )
attached is what I see when use top ..
top.jpg
iftop not installed ,,
tried yum install iftop but did not work ,, ( how to install it )
attached is what I see when use top ..
top.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
was a DNS Amplification Attack's
Do you have "iftop" installed, or can you install it on your VPS?
This will allow you to monitor what is eating your bandwidth
either as root, or a user with the necessary rights run:
Open in new window
Or with a filter:
Open in new window
This way you get to see if some process or program is connecting somewhere that shouldn't.
Besides that, check all your logs for any irregularities ... Things that shouldn't be there.
- Check for failed logins in /var/log/messages
- Are there any new and unknown users created?
- When you use "top" are there any processes that you don't recognise?
- Check if any new programs were installed (rpm -Va).