ETH0 Inbound 10 times normal past 30 hours!

HELP!

For the past 30 hours my inbound traffic, as seen on my ETH0 server overview graph, has been 10 times normal.

Now I checked each SiteWorx account’s real-time bandwidth graph, and NONE of them show any such increase.

How can I check what the heck is going on? Where all that inbound traffic is coming from!

I forgot to mention that I have stopped the FTP service, so I know the inbound traffic is NOT coming from there!

Is it Mail Traffic?

I had a bad PHP mail() script once that someone was using to send spam, and I noticed because of a small but constant eth0 usage.

I don’t know. How can I check?

I also tried to restart my server.

There must be some way, some tool that can tell what this inbound traffic is.

For the past hour I stopped all services concerning email, pop, imap and smtp.

That did NOT help!

Have you tried looking into HTTP? That was my problem that I mentioned earlier. I had a poorly written PHP script :o for sending mail. Someone was able to inject their own email into it and used my server to send out a bunch of spam.

I would look at your HTTP logs and also do a “top” to see which processes are being used; that should give you some more clues.

Possibly do a netstat to see which ports are open too?
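One way to act on the netstat suggestion above, as an added example that is not part of the original thread: tally TCP connections by local port and remote address so the busiest peer and service stand out. The function names and the sample output (documentation-range addresses) are constructed for illustration, and connection counts show who is connected, not how many bytes each peer sends.

```shell
#!/bin/sh
# Added example: summarize `netstat -tn` output as
# "count local_port remote_address state", busiest first.

tally_connections() {
  awk '
    $1 ~ /^tcp/ && NF >= 6 {
      lport = $4; raddr = $5; state = $6
      sub(/.*:/, "", lport)          # keep only the local port
      sub(/:[0-9*]+$/, "", raddr)    # drop the remote port, keep the address
      count[lport " " raddr " " state]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2,2n -k3,3
}

# Constructed sample of `netstat -tn` output (not data from this thread).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:33000       TIME_WAIT
EOF
}

# On a live server: netstat -tn | tally_connections | head
sample_netstat | tally_connections
```

A single remote address holding many connections to one local port points at the service to inspect next, for example that service's own logs.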

I don’t have any PHP mail scripts accessible to the public, only one in a member area of a site in beta test! No links to the beta area accessible anywhere!