Unexplainable bandwidth usage


Oct 27, 2004
Hi, a user of mine is consuming a lot of bandwidth, about 8Gb as reported by Direct Admin since the beginning of the month, while he usually uses ten times less.

Looking in Webalizer reports for this month, his traffic is not increased and total http traffic for his only domain is 700Mb. No one on my server uses ftp, sftp or ssh except myself.

What is using so much bandwidth for that user? Email is the last possibility. How can I learn more? Is there any tool for analyzing Exim logs?

Please help!
Look through the /var/log/exim/mainlog for lots of email going out; he could have a corrupted php script sending out email.

Also look at the user's httpd access log; it might show calls to a php script for sending email.

Also type in the server IP# here to see if your server has been reported for spamming.

Bad news:

- no mailing php scripts

- exim log shows no unusual activity

- ip not reported as spam...
BTW I've managed to use grep to extract from /exim/mainlog the lines related to the customer with the problem.

I wonder if somebody would help me to find a way to summarize the bandwidth use from that file.

Any Excel tip?
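One way to summarize volume from a grep extract of the Exim mainlog, as an added example that is not part of the original thread: it totals bytes received and delivered, shows how much of the received volume is bounces (null sender), and ranks envelope senders by bytes. It assumes Exim's default mainlog layout; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the default Exim mainlog layout:
#   date time message-id flag address ... S=<bytes> ...

# Totals for the log lines on stdin: "received delivered bounces" in bytes.
exim_volume() {
    awk '
    $4 == "<=" {                          # message arrival; S= is its size
        size = 0
        for (i = 6; i <= NF; i++)
            if ($i ~ /^S=[0-9]+$/) size = substr($i, 3) + 0
        msg[$3] = size; received += size
        if ($5 == "<>") bounces += size   # null sender: bounce or DSN
        next
    }
    # "=>" is one delivery; "->" is an extra address in that same delivery,
    # so the message crosses the wire once and is not counted again.
    $4 == "=>" && ($3 in msg) { delivered += msg[$3] }
    END { printf "%.0f %.0f %.0f\n", received, delivered, bounces }
    '
}

# Received bytes per envelope sender, largest first: "bytes sender".
exim_by_sender() {
    awk '$4 == "<=" {
            for (i = 6; i <= NF; i++)
                if ($i ~ /^S=[0-9]+$/) bytes[$5] += substr($i, 3)
         }
         END { for (s in bytes) printf "%.0f %s\n", bytes[s], s }' |
    sort -rn
}

# Constructed sample lines (not taken from the thread).
SAMPLE='2004-10-27 10:15:02 1CMaaa-0001Xy-01 <= web@example.com U=apache P=local S=2048
2004-10-27 10:15:03 1CMaaa-0001Xy-01 => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2004-10-27 10:15:03 1CMaaa-0001Xy-01 -> b@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2004-10-27 10:15:04 1CMaaa-0001Xy-01 => c@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.20]
2004-10-27 10:15:04 1CMaaa-0001Xy-01 Completed
2004-10-27 10:16:00 1CMbbb-0001Xz-02 <= <> R=1CMaaa-0001Xy-01 U=mail P=local S=3000
2004-10-27 10:16:01 1CMbbb-0001Xz-02 => web@example.com R=virtual_user T=virtual_localdelivery
2004-10-27 10:17:00 1CMccc-0001Y0-03 <= spammer@example.org H=host.example.org [192.0.2.30] P=esmtp S=5000
2004-10-27 10:17:01 1CMccc-0001Y0-03 ** nobody@example.com R=virtual_user: Unknown user'

printf '%s\n' "$SAMPLE" | exim_volume
```

On a real extract, run `exim_volume < extract.log` and `exim_by_sender < extract.log | head`; the extract must include each message's `<=` line, since delivery lines carry no size by default.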
This is an extract from Eximstats for that domain....

The total adds up to 3074MB (3GB approx.); however, Direct Admin says that the bandwidth use is 6.7GB...

BTW Awstats only shows a total of 76MB of traffic

Grand total summary
                                            At least one address
TOTAL        Volume   Messages   Domains    Delayed      Failed
Received     1175MB       3528       454    14  0.4%     40  1.1%
Delivered    1899MB       4031       288
I have a theory: SPAM

SPAM bounced or deleted after being received by spamassassin.. could that be the problem?
I second the emotion :) ... we've had problems lately with hijacked php mail scripts.

Only to AOL addresses.

Lots of spam.
