linux
Alexander Glevskiy, 2015-09-12 13:00:35

How to find out the cause of a large amount of outgoing traffic from the server logs?

Good afternoon,
I don't understand anything about server administration. I have a VPS that hosts a couple of little-visited sites. Today I went to the hosting panel to check the balance and was surprised to see a figure of 145 GB in outgoing traffic for this month, which, it seems to me, is an incredibly large amount in my case. In the panel, you can see the distribution of this figure over time - almost all of it falls on August 31 and September 1.
Apparently (according to the list of successful authorizations), the insidious Chinese managed to get into the VPS under the account that WordPress runs as, but I am very interested in what exactly they used the server for and how they generated this traffic.
Question 1: Is it possible for me to find out what caused the surge in outgoing traffic, if I know approximately on what day it happened?
Question 2: Regardless of whether I can find out the answer to Question 1, what should I do now? Will the Chinese return? Uninstall and reinstall everything? Move WordPress to a separate droplet on DigitalOcean?


2 answer(s)
Ruslan Fedoseev, 2015-09-12
@martin74ua

The answer to your question is in the first sentence. Find someone who understands ;)
You need to analyze the server logs, examine the changed files, look at the list of running processes, check the checksums of the system binaries...
rkhunter, brains and go.

pomeo, 2015-09-12
@pomeo

Take a look at the web server logs; most likely everything you need will be there: what was uploaded and how. And most likely they uploaded a webshell.
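
An added example, not part of either answer: one way to do the log review recommended above is to total the bytes the web server sent on the two days of the surge, rank request paths by volume, and list POSTs to PHP files under the uploads directory. It assumes the Apache/nginx "combined" access log format; the uploads heuristic is an assumption and the sample lines are constructed.

```python
import re
from collections import Counter

# Apache/nginx "combined" format: ip - user [day:time zone] "METHOD path proto" status bytes ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# Heuristic (assumption): PHP should never be executed from the WordPress uploads directory.
SUSPECT = re.compile(r'/wp-content/uploads/.*\.php$', re.I)

def analyze(lines, days):
    """Sum response bytes per day and per path for `days`; list POSTs to suspect scripts."""
    per_day, per_path, suspects = Counter(), Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m or m["day"] not in days:
            continue
        sent = 0 if m["bytes"] == "-" else int(m["bytes"])
        path = m["path"].split("?", 1)[0]  # group by script, ignore the query string
        per_day[m["day"]] += sent
        per_path[path] += sent
        if m["method"] == "POST" and m["status"] == "200" and SUSPECT.search(path):
            suspects.append((m["day"], m["ip"], path))
    return per_day, per_path, suspects

# Constructed sample lines (documentation IP ranges, made-up paths), not the poster's logs.
SAMPLE = [
    '203.0.113.7 - - [31/Aug/2015:02:14:09 +0000] "POST /wp-content/uploads/2015/08/cache.php HTTP/1.1" 200 48211 "-" "-"',
    '203.0.113.7 - - [31/Aug/2015:02:14:40 +0000] "GET /wp-content/uploads/2015/08/dump.tar.gz HTTP/1.1" 200 734003200 "-" "-"',
    '198.51.100.23 - - [31/Aug/2015:09:00:01 +0000] "GET /index.php?p=12 HTTP/1.1" 200 15320 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Sep/2015:10:11:12 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Sep/2015:10:11:12 +0000] "GET / HTTP/1.1" 200 5000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    per_day, per_path, suspects = analyze(SAMPLE, {"31/Aug/2015", "01/Sep/2015"})
    for day, total in per_day.items():
        print(f"{day}: {total / 1e6:.1f} MB sent")
    for path, total in per_path.most_common(3):
        print(f"{total:>12} bytes  {path}")
    for hit in suspects:
        print("POST to PHP under uploads:", hit)
```

Pass the open access log as `lines` to run it on real data. If the per-day totals come nowhere near the figure in the hosting panel, the traffic did not go through the web server, and the process list and system binary checks from the first answer are the next place to look.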
