Results 1 to 10 of 10
  1. #1
    Join Date
    Aug 2003
    Location
    Nanaimo, BC
    Posts
    31

    Does this seem normal?

    I've been notified from my dedicated server provider, ServerMatrix (The Planet), that I'm on the road to surpass my monthly allotted bandwidth of 1500 gigs.

    I have two dedicated servers:

    http://www.tylercruz.com/uploaded_images/7-702689.jpg

    Now, here are the server bandwidth usages:

    http://www.merendi.com/bandwidth_october.jpg
    http://www.merendi.com/bandwidth_september.jpg

    September only had a total of nearly 1000 gigs, and I looked back at the previous months, and those were roughly around the same as September as well.

    What makes me very confused is that when I log into Urchin and do a total tally of all of my websites, I find September totaling 46 gigs and October so far 10! How come so low? I know nothing about server administration - could something else be 'hogging' my bandwidth other than Apache?

    The only thing I can think of is if a past person I hired still has access to my server and is leeching WareZ or something.. how can I check this? I really know nothing about server administration.

    I contacted tech support, inquiring on bandwidth increase prices, and was surprised to find them so expensive:

    500GB for $125/mo
    750GB for $150/mo
    1000GB for $175/mo

    This is so confusing to me - that's more than buying a brand new server and getting 1500 GBs! Are these normal prices?

    I haven't asked yet, but will, on how much the overage costs are per Gig. Does anyone have any ideas? What's horrible is that support says that if I ordered it now, it wouldn't count until NEXT month.. so like.. um.. how am I supposed to stop all this bandwidth then? Shut down all my sites?!?

    Thanks in advance!
    Tyler Cruz
    TylerCruz.com
    PublisherForums.com: Intelligent Discussion for Web Publishers

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    You could have had a exploited php script that is allowing a ddos style attack, people to upload files and download them, etc.

    or your urchin stats could just be wrong.

    Do you have any proxy scripts?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    It may be interesting to see how much bw you push in and out of the server:

    http://iptraf.seul.org/

    during the peaks in your day.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Don't trust Urchin as it would only monitor outgoing HTTP access only when it is working but most of the time I realized that Urchin doesn't really work.

    You need to take into account all incoming and outgoing traffic to your server because other services like smtp,pop,ftp,ssh and so on would indeed add up to your bandwidth usage.

    Bandwidth overage charges are at 50cents/gb above and beyond the allocation.

    In Orbit, first thing to do is go under Security and request for the free Vulnerability Scanning for your server. This should tell you if there are any security holes in your system which you need to take care of.
    http://www.batchimage.com - Offering Batch Image Processing and TIFF/PDF Software Solutions

  5. #5
    Join Date
    Aug 2003
    Location
    Nanaimo, BC
    Posts
    31
    Steve - sent you an e-mail via Rack911.com site.

    An update guys:

    I just issued a 'netstat' (I really know absolutely nothing about server administration) and I could see a few suspect things. Namely a foreign address and an IRC connection which I think is a daemon or something.

    These would have been set up by a 'friend/developer' I had help me with my server and such, but I told him before to stop doing any torrent or illegal pirating on it, but it looks like maybe he didn't? I don't want to jump to conclusions, but it'd explain the bandwidth..

    I can't get ahold of him (not answering my calls), but would anyone mind talking to me on MSN or something to help me out?

    Thanks
    Tyler Cruz
    TylerCruz.com
    PublisherForums.com: Intelligent Discussion for Web Publishers

  6. #6
    Join Date
    Aug 2003
    Location
    Nanaimo, BC
    Posts
    31
    Hmm.. issuing a 'top' I can also see that his user account is running Python for 21:00 now... dunno what that could be...
    Tyler Cruz
    TylerCruz.com
    PublisherForums.com: Intelligent Discussion for Web Publishers

  7. #7
    Join Date
    Mar 2003
    Location
    Door County, Wisconsin
    Posts
    321
    seeding or downloading torrents most likely.
    Christian Koehler
    Racked Hosting
    Web Hosting, Unmetered Dedicated Hosting and SHOUTcast Hosting
    +1.866.5RACKED (ext. 802)

  8. #8
    Join Date
    Aug 2006
    Location
    Florida
    Posts
    10
    You might want to do a Vulnerability Scan to see if you have any holes in your server that someone might exploit. THere are hundreds of apache/and other loop holes that may have allowed someone into your bax and is eating your bandwidth.
    Have you checked for Vulnerabilities?

  9. #9
    Join Date
    Aug 2003
    Location
    Nanaimo, BC
    Posts
    31
    I had Steve go in and look.

    Apparantly my 'friend' who I had often hired to program or do server work for me, has whored it up with tons of torrents, WareZ, shoutcast, etc. That explains the bandwidth usage...

    So the good news is that we solved the root of the bandwidth problem and fixed it.. the bad news is that it's somebody I've worked with closely for a long time, and I'm waiting for him to finish a site I paid him to do.. which I'm wondering if I'll even get back now; I can't get in contact with him...
    Tyler Cruz
    TylerCruz.com
    PublisherForums.com: Intelligent Discussion for Web Publishers

  10. #10
    Join Date
    Jul 2004
    Location
    Memphis, TN
    Posts
    1,225
    Change all your passwords that he had access to.

    Nothing to stopfrom logging back in and doing it all over again if you still have the same passwords.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •