
I am not sure if this is the correct forum to be posting to, but I thought someone might be able to help?

I have a client running Zen Garden on their site which was phished not too long ago. Ever since then, his bandwidth usage on the site has hit the roof and I was wondering if anyone knows of a solution to this please?

Thanks!

Sixfoot Studio
  • This is not a forum but a Q&A site and your question is too vague – radius Jun 28 '10 at 22:29
  • It's not clear what you are asking. Maybe reword your question to say something like "How do I measure the bandwidth on my site? I am using the operating system 'X' and the webserver 'foo'", if that's what you want to know. – Stefan Lasiewski Jun 29 '10 at 00:32

3 Answers

If the site was compromised, nuke the server and start again. See also:

https://serverfault.com/questions/6159/aftermath-of-hack

https://serverfault.com/questions/tagged/intrusion-cleanup

Andrew
  • Also, remember to add in any security patches/processes that are needed to prevent the same thing happening again. – DrStalker Jun 29 '10 at 01:22
  1. If you determine you've been hacked, take your webserver off the network please. Your server may be serving malware, spamming people, functioning as part of a botnet and serving bad stuff for the bad guys.

If you are using Apache webserver, take a look at some of the other Log modules provided by Apache. These can help you track down if your webserver is doing anything strange. These two sound relevant:

Logging actual bytes sent and received

mod_logio adds in two additional LogFormat fields (%I and %O) that log the actual number of bytes received and sent on the network.

Forensic Logging

mod_log_forensic provides for forensic logging of client requests. Logging is done before and after processing a request, so the forensic log contains two log lines for each request. The forensic logger is very strict with no customizations. It can be an invaluable debugging and security tool.

Stefan Lasiewski
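
An added example, not part of the original answer: once mod_logio is loaded and the access log uses Apache's stock `combinedio` LogFormat, the `%O` field can be totalled per client and per requested target to see what is consuming the bandwidth. The log lines are constructed sample data, the function names are this example's own, and the proxy-style check is an extra heuristic.

```python
import re
from collections import Counter

# Apache "combinedio" (mod_logio): %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # Apache escapes embedded quotes as \"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ '
                     + QUOTED + ' ' + QUOTED + r' (\d+) (\d+)$')

# Constructed sample lines: documentation IP ranges, invented paths and sizes.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jun/2010:21:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 410 5480
198.51.100.7 - - [28/Jun/2010:21:00:05 +0000] "GET /uploads/a.zip HTTP/1.1" 200 52428800 "-" "Wget/1.12" 390 52430000
198.51.100.7 - - [28/Jun/2010:21:03:09 +0000] "GET /uploads/a.zip?x=1 HTTP/1.1" 200 52428800 "-" "Wget/1.12" 390 52430000
203.0.113.5 - - [28/Jun/2010:21:04:00 +0000] "GET http://example.org/ HTTP/1.1" 200 20000 "-" "-" 300 20480
192.0.2.10 - - [28/Jun/2010:21:05:00 +0000] "GET /missing HTTP/1.1" 404 210 "-" "Mozilla/5.0" 380 520
this line is truncated and does not match
"""

def parse_line(line):
    """Return one request as a dict, or None if the line is not combinedio."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = m.group(2).split()
    return {"client": m.group(1), "method": parts[0] if parts else "-",
            "target": parts[1].split("?")[0] if len(parts) > 1 else "-",
            "status": m.group(3), "bytes_in": int(m.group(6)), "bytes_out": int(m.group(7))}

def summarize(lines):
    """Total %O per client and per target; collect proxy-style requests."""
    by_client, by_target, proxy_like, skipped = Counter(), Counter(), [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        by_client[rec["client"]] += rec["bytes_out"]
        by_target[rec["target"]] += rec["bytes_out"]
        # 2xx to CONNECT or to an absolute-URL target can indicate open-proxy use; review these.
        if rec["status"][0] == "2" and (rec["method"] == "CONNECT" or "://" in rec["target"]):
            proxy_like.append(rec)
    return by_client, by_target, proxy_like, skipped

if __name__ == "__main__":
    clients, targets, proxied, skipped = summarize(SAMPLE_LOG.splitlines())
    print(clients.most_common(3), targets.most_common(3), len(proxied), skipped)
```

On a real server, pass the open log file to `summarize()` instead of the sample; a high `skipped` count means the log is not in `combinedio` format.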

If you have access to an upstream router, look at the traffic that is making up the bandwidth; it could be anything from an open proxy to a file sharing site full of illegal content.

DrStalker