Hi All,

My ISP is charging me for a lot of traffic on my ISPConfig server.

I have the firewall turned on.

I'm running ISPConfig 2.2.24 on Perfect Ubuntu 8

I have also loaded the vnstats+php frontend.

It works nicely. Everyday my traffic is inbetween 1 & 1.5Gb. The odd day it is on 8Gb. Is it because my server is hacked????


Any suggestions are welcome.

You should check your server with rkhunter. High traffic does normally not mean that your server is hacked. There are mayn different reasons why your traffic could be high, e.g. a link of a popular site to one of your sites or a broken webspider script.

Hi Till,

Thanks for the speedy reply.

Will you be able to let me know how to use rkhunter, as i am new to linux

Please have a look here:

http://www.rootkit.nl/projects/rootkit_hunter.html

There you will find the download link, FAQ and documentation for rkhunter. After you installed the software, just run:

rkhunter -c

as root user.

Hi Till,

Thanks for the info. It looks a little complicated. I don't have the time now. I will look at it tonight.

Is there no other way to check??

same problem here

I'm moving from a plesk vps from provider A to a dedicated server, with debian etch and latest 2.x ispconfig, to provider B.
In the traffic logs of provider B there is a lot in-traffic. That with only some mx records pointing to this server.

I viewed the logs but can't find where it is comming from.
netstat shows only one foreign address, my ssh session

how to check this traffic?

Hi Till,

Thanks for the info. It looks a little complicated. I don't have the time now. I will look at it tonight.

Is there no other way to check??

You could also use chkrootkit.