0

I am not sure if this is the correct forum to be posting to, but I thought someone might be able to help?

I have a client running Zen Garden on their site which was phished not too long ago. Ever since then, his bandwidth usage on the site has hit the roof and I was wondering if anyone knows of a solution to this please?

Thanks!

2
  • 1
    This is not a forum but a QA site and your question is much too vague. Commented Jun 28, 2010 at 22:29
  • It's not clear what you are asking. Maybe reword your question to say something like "How do I measure the bandwidth on my site? I am using the operating system 'X' and the webserver 'foo'", if that's what you want to know. Commented Jun 29, 2010 at 0:32

3 Answers

1

If the site was compromised, nuke the server and start again. See also:

https://serverfault.com/questions/6159/aftermath-of-hack

https://serverfault.com/questions/tagged/intrusion-cleanup

1
  • Also, remember to add in any security patches/processes that are needed to prevent the same thing happening again. Commented Jun 29, 2010 at 1:22
1
  1. If you determine you've been hacked, take your webserver off the network please. Your server may be serving malware, spamming people, functioning as part of a botnet and serving bad stuff for the bad guys.

If you are using Apache webserver, take a look at some of the other Log modules provided by Apache. These can help you track down if your webserver is doing anything strange. These two sound relevant:

Logging actual bytes sent and received

mod_logio adds in two additional LogFormat fields (%I and %O) that log the actual number of bytes received and sent on the network.

Forensic Logging

mod_log_forensic provides for forensic logging of client requests. Logging is done before and after processing a request, so the forensic log contains two log lines for each request. The forensic logger is very strict with no customizations. It can be an invaluable debugging and security tool.
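As an added example (not part of the answer above): once mod_logio is enabled, a short script can total the %I and %O fields per client and per path to show where the bandwidth is going. It assumes the access log uses the `combinedio` LogFormat from the Apache documentation; the sample lines, IP addresses and paths are constructed.

```python
import re
from collections import Counter

# Assumes Apache's documented "combinedio" format (combined log + mod_logio fields):
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %I %O" combinedio
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?:[^"\\]|\\.)*" "(?:[^"\\]|\\.)*" '
    r'(?P<bytes_in>\d+) (?P<bytes_out>\d+)$'
)

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jun/2010:21:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 420 5480
198.51.100.7 - - [28/Jun/2010:21:00:02 +0000] "GET /files/pack.zip HTTP/1.1" 200 7340032 "-" "Wget/1.12" 310 7340400
203.0.113.5 - - [28/Jun/2010:21:00:03 +0000] "GET /files/pack.zip HTTP/1.1" 200 7340032 "-" "Wget/1.12" 310 7340400
198.51.100.7 - - [28/Jun/2010:21:00:09 +0000] "POST /form.php HTTP/1.1" 200 120 "-" "-" 52000 480
this line is not in combinedio format
"""

def parse_line(line):
    """Return (host, path, bytes_in, bytes_out), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    parts = m.group("request").split()
    # Drop the query string so one resource is not split across many keys.
    path = parts[1].split("?", 1)[0] if len(parts) >= 2 else "<malformed request>"
    return m.group("host"), path, int(m.group("bytes_in")), int(m.group("bytes_out"))

def bandwidth_report(lines, top=3):
    """Sum %I/%O per client and per path and return the heaviest of each."""
    out_by_path, out_by_host, in_by_path = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparsable lines instead of silently dropping them
            continue
        host, path, b_in, b_out = rec
        out_by_path[path] += b_out
        out_by_host[host] += b_out
        in_by_path[path] += b_in
    return {"total_out": sum(out_by_path.values()), "total_in": sum(in_by_path.values()),
            "top_paths_out": out_by_path.most_common(top),
            "top_hosts_out": out_by_host.most_common(top),
            "top_paths_in": in_by_path.most_common(top), "skipped": skipped}

if __name__ == "__main__":
    for key, value in bandwidth_report(SAMPLE_LOG.splitlines()).items():
        print(key, value)
```

A path that dominates `top_paths_out` but is not part of the site's own content, or a script with unusually large inbound totals, is the place to start looking.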

1

If you have access to an upstream router look at the traffic that is making up the bandwidth; it could be anything from an open proxy to file sharing site full of illegal content.

1
  • Or run tcpdump, set up SNMP monitoring from another host (using e.g. Cacti), etc. Commented Jun 29, 2010 at 1:45
