Answer the question
In order to leave comments, you need to log in
How to find out the cause of a large amount of outgoing traffic from the server logs?
Good afternoon,
I don't understand anything about server administration, I have a VPS that hosts a couple of little-visited sites. Today I went to the hosting panel to check the balance and was surprised to see a figure of 145GB in outgoing traffic for this month, which, it seems to me, is incredibly much in my case. In the panel, you can see the distribution of this figure over time - almost everything falls on August 31 and September 1.
Apparently (according to the list of successful authorizations), the insidious Chinese managed to get into the VPS from under the account through which Wordpress works, but I am very interested in what exactly they used the server for and how they generated this traffic.
Question 1: is it possible for me to find out what caused the surge in outgoing traffic, if I know approximately on what day it happened?
Question 2: Regardless of whether I can find out the answer to Question 1, what should I do now? Will the Chinese return? Uninstall and reinstall everything? Move WordPress to separate droplet in Digitalocean?
Answer the question
In order to leave comments, you need to log in
The answer to your question is in the first sentence. Find someone who understands ;)
You need to analyze the server logs, examine the changed files, look at the list of running processes, check the checksums of the system binaries ..
rkhunter, brains and go.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question