0

Can someone help me to identify the reason for so much bandwidth consumption by our website, the webserver is Apache, and is hosted in AWS Ec2 instance along with some other websites.

In a single day our "Network out" bandwidth utilization went to 300 GB

Below some samples from Apache access log, and attached the AWS cloud-watch graph.

10.20.30.40 - - [10/Sep/2019:06:50:24 +0000] "GET /events/test.php?id=1014xxx HTTP/1.1" 200 2038563160 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

10.20.30.40 - - [10/Sep/2019:06:56:09 +0000] "GET /events/test.php?id=1014xxx.9-2 HTTP/1.1" 200 6 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

10.20.30.40 - - [10/Sep/2019:06:53:18 +0000] "GET /events/test.php?id=1014xxx HTTP/1.1" 200 1938298856 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

Cloudwatch Graph

Ramesh
  • 21
  • 4
  • 1
    The second number behind the request path in your log files is the amount of bytes that were transfered with the response. Check your php script and figure out why it sends about 2GB of data with the first and the last request from your log. – Gerald Schneider Sep 11 '19 at 13:20
  • i dont want to make panic but check your files for some unusually content – djdomi Sep 11 '19 at 17:06
  • @djdomi i have scanned the website file using clamav scanner, but not able to find anything. I have blocked bad bots from hitting the server, and used Apache mod_ratelimit module to limit the bandwidth usage, so now the utilization is reduced. Any other method to identify the rootcause?. – Ramesh Sep 12 '19 at 13:35
  • @GeraldSchneider, iam not able to move to the next step in the troubleshooting, should i check this php file (/events/agenda.php), do you think some issue with this file ?. – Ramesh Sep 12 '19 at 13:39
  • do you know what this file do? you csn try to use tcpdump, or lsof to see what file are beeing read – djdomi Sep 12 '19 at 16:01
  • @djdomi, ok i will check that – Ramesh Sep 13 '19 at 06:09

1 Answers1

0

i just found the reason for high bandwidth utilization in that particular page. Used wget http://example.com/events/test.php?id=1014xxx, downloaded the file, and identified a loop in the PHP code. After removing the loop, the page working fine now without generating lot of bandwidth.

Ramesh
  • 21
  • 4