Debian Squeeze - Monitor outgoing traffic
Posted
by
Sam W.
on Server Fault
See other posts from Server Fault
or by Sam W.
Published on 2012-06-28T04:11:06Z
Indexed on
2012/06/28
9:17 UTC
Read the original article
Hit count: 188
I have a small webserver that running on Lighttpd 1.4 which steadily uses 250GB or less bandwidth for the past couple of months. But since May the traffic spikeed to more than triple of what it was. Nothing special was on my site to make its spike like that. When I checked with vnstat I found that 70% of the bandwidth is tx. I suspect I've been hacked and my webserver is becoming some sort of bot. ClamAV comes out with nothing and I already replaced the Joomla installation with a fresh one, early in June. But right now the traffic stayed the same.
My question, how can I monitor my server and look what is transmitting all that data out? My need to be done to pinpoint what is the culprit.
Can someone please point to the right way to solve this? Thank you.
© Server Fault or respective owner