Results 1 to 20 of 20
  1. #1
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803

    Stolen Bandwidth

    Hi.
    I have a reseller on my server who has set up an about 7 accounts. All of these accounts are active. The Bandwidth is being registered as nothing. its is the 22nd and according to all accounts 0.00megs worth of bandwidth has been used. How do i stop this. I have checked the AWSTATS and the results are coming back, "No qualified records found in log (0 corrupted, 0 dropped)". Is this the result of advance DNS settings done?

    I have also noticed that about 1GIG of transfer is uneracountanble, which i guess has been used by this account.

    Thanks,
    Nathaniel
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  2. #2
    Join Date
    May 2006
    Posts
    560
    Maybe he's actually not using any bandwidth? That could be from server updates. How long has the server been running?

  3. #3
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    explain this. If i goto the site and and then update the awstats, nothing happens. if comes up with this information "No qualified records found in log (0 corrupted, 0 dropped)"
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  4. #4
    Join Date
    May 2006
    Posts
    560
    Alright, I'll try... Possibly your awstats isn't setup correctly. Check to make sure it's parsing the right logs...

  5. #5
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    Quote Originally Posted by IceCreamMan
    Alright, I'll try... Possibly your awstats isn't setup correctly. Check to make sure it's parsing the right logs...
    The server is just seeing no site activity
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  6. #6
    Join Date
    Aug 2001
    Location
    NE Ohio
    Posts
    502
    Maybe they're accessing their site through http://server.ip.address/~username ?

  7. #7
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,876
    Quote Originally Posted by El Nino
    Maybe they're accessing their site through http://server.ip.address/~username ?
    If that's the case, you could disable mod_userdir in httpd.conf

  8. #8
    Join Date
    May 2003
    Location
    Florida
    Posts
    902
    Quote Originally Posted by El Nino
    Maybe they're accessing their site through http://server.ip.address/~username ?
    This would be my bet. If this is a cpanel server, you can prevent this by turning on mod_userdir. Go to the Tweak Security section and turn on the mod_userdir Tweak.

    If you have accounts that you want to use the ~username function, you can give them permissions on the same page.

  9. #9
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    http://server.ip.address/~username.

    Nope. That has been disabled since the server was set up
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  10. #10
    Join Date
    Feb 2003
    Location
    L.A. C.A.
    Posts
    346
    Check the size of the apache log file, if its also reporting as 0 you have a problem.

  11. #11
    Join Date
    Feb 2005
    Location
    Sydney
    Posts
    140
    Also check that the site's apache log is recording the hits..
    Damian | i n f i n i x | Are you a hosting refugee?

  12. #12
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    its recorded no activirty. I have just done a whois and no information of my server comes up. This Person has privite Nameservers set up and this server, But the funny thing is they are using the shared IP. This person does no have privite ips for his name servers account.

    Thanks
    Nathaniel
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  13. #13
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,624
    One issue with shared hosting and providing crontab and shell access is that you have to be able to eat the costs of how much bandwidth and traffic users will be using through their shells.

    Typically, A user can SSH in and do wget's (or many other things) all day which is attributed to your bandwidth transfers, but without it being attributed to them.

  14. #14
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    Light wave. Could you please explain what you mean

    Thanks,
    Nathaniel
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  15. #15
    Quote Originally Posted by logikstudios
    Light wave. Could you please explain what you mean

    Thanks,
    Nathaniel
    If the user has shell access and can connect to the server via SSH, they can use wget to download gigs upon gigs of data. This bandwidth will be counted for your server's total usage but it will not be tracked under your Reseller's account. Anything done this way is "free" bandwidth to the account.

  16. #16
    Join Date
    Feb 2005
    Location
    Sydney
    Posts
    140
    A follow-on to bgaNET's post: customers can also push or upload data "from" your server using tools like rsync, this will also not be attributed to the customer in your traffic usage tool.
    Damian | i n f i n i x | Are you a hosting refugee?

  17. #17
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    Users accounts do not have ssh access
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

  18. #18
    Join Date
    Dec 2006
    Posts
    4,151
    Then does the reseller have SSH access?

  19. #19
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,624
    Oh, I was going by the things offered according to the website in your .sig

    In any case, it really doesn't matter whether it's done through SSH, crontab, or many other functions.

    It'd be just as easy to upload a php or cgi application which uses gigabytes worth of your bandwidth but isn't attributed to their web usage. It's not that they are necessarily doing anything wrong. As I mentioned, it's just part of the cost you'll have to eat unless you can actually attribute processes/commands to a specific user and identify them as malicious or somehow breaking a terms of service.

  20. #20
    Join Date
    Dec 2006
    Location
    Cardiff, Wales
    Posts
    803
    The reseller does not have SSH. Accounts have to ask us to enable ssh. Any way. I looked under his dns settings. His names servers are setup with Ips that we dont have. Our range is 85.0.0.0 his is 207.0.0.0 etc. so NS1.domain.com and NS2.domain.com are set up with ips that do not belong to the server.

    It looks like it is done via advance DNS but i cant figure it out?

    Thanks,
    Nathaniel
    SIP Trunking and VoIP Lines, Numbering (DIDs and DDIs), Low Cost Minute add-ons, Secure SIP and VoIP. Business and Enterprise Grade Quality, Low Cost and Highly Competitive. Available at: https://www.voipyonder.com/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •