/ 0评 / 0


It would appear that your server is launching a network-based attack against another server somewhere else. If you look at your bandwidth utilization (from the Traffic tab) you'll see that your server is flooding the bandwidth connection.

Most likely either your server or a VPS on your server has been hacked and it's now acting as part of a botnet.

In order to determine which of your IPs is consuming all of the bandwidth you'll need to run a packet capture on your server while the attack is taking place. If you're unable to access the server via SSH or via XenCenter (if using XenServer) then you can access the server out-of-band using the serial console access.

Log in to your server and first try running this command:

/usr/sbin/tcpdump -e -nn -c 200

That will dump 200 packets to the terminal. Hopefully it is obvious from the output which IP is responsible for sending out the majority of the bandwidth.

If the offending IP is not obvious from the output then you can try filtering the output of tcpdump through a small analysis script we have. Try these commands:

cd /tmp

wget http://centos.take2hosting.com/dumpCount.pl

chmod 755 dumpCount.pl

/usr/sbin/tcpdump -e -nn -c 200 | ./dumpCount.pl

And look to see if the Top Sender (Bytes or Packets) looks to be the offending IP.

If you're unable to determine the attacker from there then you should start stopping/suspending your VPSes (if you're running VPSes) one at a time until the problem subsides. Then you'll know which VPS is causing the problem.


邮箱地址不会被公开。 必填项已用*标注