You have the Bandwidth usage stats in Cpanel>> Bandwidth , check through it and see whats causing the trouble. If its apache, check through the domain logs and see if its some sort of hot-linking.
Kevin Cheri : Senior Server Administrator / Freelancer : 9+ years Exp, reach me out for any help Server Optimization Expert / Mysql Guru / Migration Specialist
Skype : lynxmaestro
Gmail : [email protected]
Are you running a dns service on this machine? If so, Please make sure you have recursion limited or disabled to avoid being involved in a ddos attack which could cause this bandwidth over usage. Also, You can use a tool such as vnstat to differentiate inbound & outbound traffic.
Server Management - Attacker.NET
Linux & Windows Server Management | Security Services | Outsourced support | High Availability
Certified Information Security Professionals.
E-mail [email protected]
This would assume the traffic is all going to one/few host, which it may not be.
Assuming this is apache based traffic perhaps tail'ing the logs and assessing the servers logs may be the best course of action at the moment.
I may be saying the same thing as you.
To the OP, you're looking at a bandwidth report from your provider I presume?The bandwidth report has only your server on it right? The reason I'm asking, let's say I have a physical server with several VPS's running on it, my bandwidth report would be for the physical host, with all those VPS's. If it's not something like that, then your best bet would be to check all the associated server. Make sure you're not spewing spam, or something like that.
█ Bobby - PreciselyManaged.com - Precision Hosting Solutions
█ Enterprise Shared, Reseller, VPS, Hybrid, and Dedicated Hosting
█ SpamExperts | CloudLinux | cPanel | Bacula + R1soft | and more!
█ Full proactively managed, and we specialize in hosting small web hosts
How come noone recommends tcpdump? It's the tool that anyone should be familiar with like we are with water.
@ttgt: If you'r server still uses more bandwidth than usual, then take a 1 minute traffic capture with tcpdump ( use -s0 to make sure you capture whole packets) and analyze that traffic. If you can't do the analysis, then do the capture anyway and ask someone on any forum to help you with. Make sure you do not provide it to anyone as it could contain password and you don't want that.
You can check the amount of packets for every destination port, packet length and so on with either tcpdump or wireshark (nice GUI that also builds graphics based on filters and filters can be done based on layer 4, 7 protocols).