Have you done a full security scan of your server? 95Gb a month of illegal movies served via an IRC channel or other similar ways could well be the culprit. Your hosting company sounds distinctly unhelpful to the extent that I would start searching for a new provider as well.
I assume that you're on a fully dedicated server, so you could start by checking hard disk usage (AVI files take up a lot of space) and running services. I'm a Linux guy and don't have any experience in running Windows servers, but I'm sure others will be able to suggest Windows-specific tools, but you can use Unix tools such as Nessus [nessus.org]. A few other ideas here:
That much bandwidth must be file downloads.
If it was a few Gb, then it might be someone hotlinking, but that is a lot of files to hotlink.
What stat programs do you run? You can find out what files are being called a lot with awstats and webalizer.
We use stats software called Web Log Expert. It appears to be pretty good, but doesn't seem to be showing any strange happenings, or files downloading.
I am going to spend the morning crawling our server looking for anything that shouldn't be there. For instance, to my knowledge, none of the site on our server use video. So I will be looking for video files etc.
Thanks for your responses.
Any more more advice would be great.
|I am going to spend the morning crawling our server looking for anything that shouldn't be there |
I guess you've checked all the log files (including messages.log as well as the site logs).
You could also look for large files :
find / -size +100k -print -xdev
looks for files over 100k in size in all directories from '/' downwards. If it's videos etc they would tend to be larger files I would guess.
Let us know how you get on ;-)
Sorry just read the thread and you are using a Windows server - my suggestions above are linux based <slaps wrist>
Can you use the "search" command with a minimum size to find large files?
Not sure if I can do this ..... but i will certainly give it a try.
Windows does allow me to search by file size, but nothing seems to be out of place.
I have just been informed by our host that our Bandwidth for the month of may so far stand 69GB!
Yet my site stats say the sites have only used around 3GB.
I will have to keep looking.
|bloke in a box|
I would change hosts straight away tbh.
I don't know how much it helps, but my comments would be:
From your server stats you should be able to see which files are using the most bandwidth - in other words which files are most accessed.
Basically, spend time looking closely through your server logs to see exactly what's happening.
And I would say move to another host ASAP. First of all, it sounds like you're paying way too much for bandwidth. And secondly, the impression I get is that you don't have a hugely responsive host.
After much searching, I use a host that have proven to be reliable and have many positive things said about them by people in the hosting industry (I'm always nervous about hosts and make sure to do a lot of research beforehand).
For $20 a month I get almost 200GB of bandwidth (and almost 8GB of disk space). And then $1 per GB of bandwidth over. I have a domain with them purely for downloads and it works well. They are Linux servers though, not Windows, which may not be appropriate for you.
I can't say their details here, but feel free to sticky me.
|Yet my site stats say the sites have only used around 3GB. |
Can you check your email logs - not likely to have used 66Gb in a month unless you have someone sending 1000's per hour.
Also it may be worth checking for an IRC bot (not sure about windows versions but a Google search would no doubt bring something up).
If it's not showing in your apache logs, I would be suspicious of an email hack. I've had the wonderful experience of that before myself, and yes, they can burn 100gigs in a month.
And again, change hosts.
I think changing hosts is something we will now have to seriously consider. Ufortunately as most of you will know, its not quite as easy as just changing. We have around 15 sites on this server. Changing would not only involved transfering sites, but also repointing domain names, emails, reconfiguring databases etc.
We will be changing, it just might take a little while to work out the logistics of doing it all smoothly.
Can you tell me how I find if someone is using our email facility.
Also, if it is someone using our bandwidth to download video clips etc (as some of you suggested it might be), can you give me any advice on how I go about finding the files on the server that are allowing it. Are there common file types or extensions, or even .dll files related to this that might stick out if I were looking?
All help so far is much appreciated.
I assume your host has a good reputation and is not cooking the books?