torwill
01-29-2003, 05:58 PM
Hello,
I have a cPanel server, which at the busiest time, the bandwidth usage is always below 1500 Kb/sec. However, recently, the bandwidth usage has pumped up to 10Mbps at the peak time, which isn't normal at all! I am just wondering how I could find out which user is using so much bandwidth?!!!
I tried finding it out by looking at the access_log, but no luck.
Any comments appreciated! Thank you!
loopforever
01-29-2003, 06:08 PM
I'm not familiar with CPanel, but I would assume that WHM allows you to check your clients' bandwidth usage. I'd suggest looking at this first. If nothing is found, I would say your server was rooted and is now being used to distribute warez via XDCC bots over IRC channels. You might want to check that out, and read my guide here:
http://forum.rackshack.net/showthread.php?s=&threadid=13172
It was intended for RS users, but just about everything in there will work on all Linux servers. Let me know if you need help.
Best of luck!
WHM has a script called "View Bandwidth Usage" under Accounts. Check that out.
Cephren
01-31-2003, 12:58 AM
The most reliable way is to set up the switch to read /IP.
But if you don't have access to the switch to the server then of course you can't use this option. If you do name-based hosting, that won't work either. But if you have access to your switch or even router you will be able to check my IP.
brandonk
01-31-2003, 01:08 AM
I just had an issue like this occur with one of my servers. The traffic located at http://serverip/bandwidth/ (for CPanel/WHM servers) was not showing the domain that was using the traffic. I installed snort and briefly ran it, took a look at its logs and found that I was being flooded with requests on port 0. I had the NOC block port 0 to my server and it was fixed. What kind of traffic is it? In or out?
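One way to cross-check the two symptoms in this thread (an access_log that shows nothing unusual, and a per-domain bandwidth page that does not account for the traffic), as an added example that is not code from any poster or from cPanel: total the bytes Apache logged per virtual host and compare that with the interface byte counter for the same period. The vhost-first log layout, the sample lines and the interface figure are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: Apache "combined" format with the virtual host (%v) first.
# The request field may contain escaped quotes, so it is matched carefully.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:[^"\\]|\\.)*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def bytes_by_vhost(lines):
    """Return (Counter of response bytes per vhost, count of unparsable lines)."""
    totals, skipped = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        # Apache logs "-" when no body was sent (e.g. a 304 response).
        totals[m["vhost"]] += 0 if m["bytes"] == "-" else int(m["bytes"])
    return totals, skipped

def unexplained_share(http_bytes, interface_bytes):
    """Fraction of interface traffic not covered by logged HTTP responses."""
    if interface_bytes <= 0:
        return 0.0
    return max(0.0, 1 - http_bytes / interface_bytes)

# Constructed sample input, not taken from any real server.
SAMPLE_LOG = [
    'site-a.example 203.0.113.5 - - [29/Jan/2003:17:50:01 -0500] "GET /big.iso HTTP/1.0" 200 5000000 "-" "Wget/1.8"',
    'site-a.example 203.0.113.5 - - [29/Jan/2003:17:50:09 -0500] "GET /big.iso HTTP/1.0" 200 5000000 "-" "Wget/1.8"',
    'site-b.example 198.51.100.7 - - [29/Jan/2003:17:50:11 -0500] "GET / HTTP/1.0" 304 - "-" "Mozilla/4.0"',
    'site-b.example 198.51.100.7 - - [29/Jan/2003:17:50:12 -0500] "GET /a\\"b HTTP/1.0" 200 2000 "-" "Mozilla/4.0"',
    'garbage line',
]
# Constructed figure; on Linux the real counters are in /proc/net/dev.
SAMPLE_INTERFACE_BYTES = 40_000_000

if __name__ == "__main__":
    totals, skipped = bytes_by_vhost(SAMPLE_LOG)
    for vhost, sent in totals.most_common():
        print(f"{vhost:20s} {sent:>12d} bytes")
    share = unexplained_share(sum(totals.values()), SAMPLE_INTERFACE_BYTES)
    print(f"unparsable lines: {skipped}, traffic not in HTTP logs: {share:.1%}")
```

The logged byte field excludes response headers, so a small gap is normal; a large one means the traffic is not going through Apache and needs packet-level inspection.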