zEitEr
Super Moderator
Hello,
An account of a customer was suspended due bandwidth overusage. Getting into details I've found an odd thing:
So someone downloaded with "Download Master" a file several times, from ~15-00 till log rotation... Munin and other monitoring system did not show anything unusual. I did not found 120Gb of bandwidth on a router logs. So why Apache and Directadmin calculated ~120Gb of traffic? What could be a reason?
I've got
in /etc/httpd/conf/httpd.conf
An account of a customer was suspended due bandwidth overusage. Getting into details I've found an odd thing:
Code:
80.83.238.69 - - [23/Dec/2011:21:39:55 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 19540929 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:39:56 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 8935627 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:39:56 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 41733199 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:39:57 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 30916712 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:39:57 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 36714629 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:07 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 14763092 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:07 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 25938598 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:08 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 3930683 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:19 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 19533127 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:20 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 8933264 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:21 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 41729476 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:21 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 30902110 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:21 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 36709546 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:38 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 14751210 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:39 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 3922880 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:39 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 25930796 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:48 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 19525325 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:50 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 8925461 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:51 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 41723033 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:51 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 30895668 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:40:58 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 36703103 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:41:05 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 14737968 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:41:06 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 3915077 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:41:06 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 25922994 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:41:14 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 19514803 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:41:15 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 8917658 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:41:16 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 41716590 "http://www.chi******ka.ru/" "Download Master"
80.83.238.69 - - [23/Dec/2011:21:41:17 +0700] "GET /ftpgetfile.php?id=24 HTTP/1.0" 206 30889226 "http://www.chi******ka.ru/" "Download Master"So someone downloaded with "Download Master" a file several times, from ~15-00 till log rotation... Munin and other monitoring system did not show anything unusual. I did not found 120Gb of bandwidth on a router logs. So why Apache and Directadmin calculated ~120Gb of traffic? What could be a reason?
I've got
Code:
LogFormat "%O %I" bytesin /etc/httpd/conf/httpd.conf