Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
I have a feeling someone may have hacked our server and might be abusing our bandwidth. Our Bandwidth usage has increased 10-20GB per month for the last 4-5 months. We are now apparently using 70GB more than we were apparently using in December ..... and it is still climbing at an alarming rate.
The trouble is, we have not put any new websites live that would generate anything close to this level of traffic - and even the december figure appears incredibly high. We have analysed the stats for our sites, and according to the logs, all our sites together are using under 5GB of traffic each month ..... but something is causing the overall reading of the server to be almost 100GB. So what could be causing the other 95GB of bandwidth usage?
Worse still, it is costing us several hundred pounds each month to cover the cost.
We are using a Windows Server. Does anyone have any ideas of what could be causing this, where I can find files on the server that might be causing this ..... or recommend any software (preferably free at first) that can scan / monitor total server bandwidth usage.
The guys who host our server are not very helpful. I think they are quite happy for this to continue - they are after all getting an extra few hundred £'s per month because of it. They seem to have no great motivation to help us.
Please please please help. All advice is more than welcome.
I assume that you're on a fully dedicated server, so you could start by checking hard disk usage (AVI files take up a lot of space) and running services. I'm a Linux guy and don't have any experience in running Windows servers, but I'm sure others will be able to suggest Windows-specific tools, but you can use Unix tools such as Nessus [nessus.org]. A few other ideas here:
I am going to spend the morning crawling our server looking for anything that shouldn't be there. For instance, to my knowledge, none of the site on our server use video. So I will be looking for video files etc.
Thanks for your responses.
Any more more advice would be great.
I am going to spend the morning crawling our server looking for anything that shouldn't be there
I guess you've checked all the log files (including messages.log as well as the site logs).
You could also look for large files :
find / -size +100k -print -xdev
looks for files over 100k in size in all directories from '/' downwards. If it's videos etc they would tend to be larger files I would guess.
Let us know how you get on ;-)
From your server stats you should be able to see which files are using the most bandwidth - in other words which files are most accessed.
Basically, spend time looking closely through your server logs to see exactly what's happening.
And I would say move to another host ASAP. First of all, it sounds like you're paying way too much for bandwidth. And secondly, the impression I get is that you don't have a hugely responsive host.
After much searching, I use a host that have proven to be reliable and have many positive things said about them by people in the hosting industry (I'm always nervous about hosts and make sure to do a lot of research beforehand).
For $20 a month I get almost 200GB of bandwidth (and almost 8GB of disk space). And then $1 per GB of bandwidth over. I have a domain with them purely for downloads and it works well. They are Linux servers though, not Windows, which may not be appropriate for you.
I can't say their details here, but feel free to sticky me.
Yet my site stats say the sites have only used around 3GB.
Can you check your email logs - not likely to have used 66Gb in a month unless you have someone sending 1000's per hour.
Also it may be worth checking for an IRC bot (not sure about windows versions but a Google search would no doubt bring something up).
We will be changing, it just might take a little while to work out the logistics of doing it all smoothly.
Can you tell me how I find if someone is using our email facility.
Also, if it is someone using our bandwidth to download video clips etc (as some of you suggested it might be), can you give me any advice on how I go about finding the files on the server that are allowing it. Are there common file types or extensions, or even .dll files related to this that might stick out if I were looking?
All help so far is much appreciated.