http://www.rackshack.net/bandwidth/workdir1/64.246.0.247_106-week.png

Any suggestions on going about tracking down these nasty spikes? I'm trying a couple things right now, but nothing so far has given me any info as to why this is happening. I epect traffic spikes but that's rediculous! :)

Analyse the time where the download spike start. And check your access log and see who or which site had send a request at that time.

MxHub is right, check your Apache logs, /var/log/messages, /var/log/maillog etc to see if they tell you where the requests are originating, and what application is causing the spikes.

If they don't help you track down what you need, consider installing tripwire or some sort of program that will perform detailed traffic sniffing that you can activate during one of these spikes.

I'm running through the logs now.

Anyone know much about netstat dumps? I did one just 10 mins ago during what I think was another such spike. I see stuff like below as a small snippet. I don't think 10,000+ in the send-q collumn is normal.. any idea what that means?

tcp 0 3491 plesk.rackshack.ne:http clt-PM3-WCU22-74 p:1900 FIN_WAIT1
tcp 0 0 plesk.rackshack.ne:ircd p50834E9D.dip.t-di:1033 ESTABLISHED
tcp 0 0 plesk.rackshack.ne:http ddn2-t2-1.mcbone.:16602 TIME_WAIT
tcp 0 0 plesk.rackshack.ne:http fe040.world-onlin:40215 TIME_WAIT
tcp 0 0 plesk.rackshack.ne:http plesk.rackshack.n:60568 TIME_WAIT
tcp 0 18760 plesk.rackshack.ne:http 213-99-201-27.uc.n:1730 ESTABLISHED
tcp 0 0 plesk.rackshack.ne:ircd p5089E84C.dip.t-di:2308 ESTABLISHED
tcp 0 0 plesk.rackshack.ne:ircd r2a147.mistral.cz:1648 ESTABLISHED
tcp 0 13936 plesk.rackshack.ne:http Mix-Lagny-110-4-58:1538 ESTABLISHED
tcp 0 0 plesk.rackshack.ne:http plesk.rackshack.n:60569 TIME_WAIT
tcp 0 0 plesk.rackshack.ne:http flatrate1:trnsprntproxy ESTABLISHED
tcp 0 0 plesk.rackshack.ne:ircd pD9EAAF18.dip.t-di:3701 ESTABLISHED
tcp 0 16080 plesk.rackshack.ne:http 213-99-201-27.uc.n:1731 ESTABLISHED