-
February 7th, 2007, 04:59 PM
#1
Bandwidth Spike
My wife and I were reviewing the stats in cPanel from our web host (I think they use awstats) and we noticed that with only 6 days completed we have almost maxed our 2Gb bandwidth usage for February.
The site being hosted holds a simple Wordpress blog site. We don’t even upload our pictures there. Images are uploaded to Flickr and linked from the blog. There is email usage, but not nearly to the volumes we are seeing in the stats.
It seems that each night between midnight and 4am – while we’re sleeping – a massive amount of POP3 traffic is being associated with our domain / web hosting account. Any ideas for how I can investigate this from my end or what I should tell the techs at the web host to look for? It seems to me that their server is being used as a spam distribution or relay point and that they need to go lock some stuff down, but I am not sure how to explain it to them.
Thus far, their troubleshooting has amounted to “wow! I guess you get a lot of email after midnight!”. We explained that our computers are on 24/7 and the email client is set to download every 1 minute- so it is virtually impossible for us to have any such spike in traffic.
Any clues?
-
February 7th, 2007, 06:24 PM
#2
If it's pop3 traffic, shouldn't a packetsniffer be able to capture said traffic so you can view the contents in the morning? If you're relaying emails, you should be getting traffic in from one server, and traffic out to another server as well.
If there is no/less traffic than reported, someone else may be spoofing your domain. But I'd be opening ethereal anyways.
-
February 8th, 2007, 06:14 PM
#3
yuo should know better
Tony, is she useign an uptodate version of wordpress. dose her host allow f_open php calls. PHP is a very insecure language, wordpress is an extreamily insecure app. One of the hosting providers I worked for had thsi issue you could be looing at one of two things. Some one uploaded a spam remailer to your system and its now spamming the world via file uploads in wordpress. or someone is hitting wordpresses email ability with a email injection attack. dig through the apache logs jsut prio to the spam goign out and see if anyone is access an unuseual php page. other wise look for odd files on the system. This looks like the typical fallout of a php compromise
Who is more trustworthy then all of the gurus or Buddha’s?
-
February 9th, 2007, 06:03 AM
#4
Tell your ISp that you will switch ISPs due to the fact that they do not filter spam..unless they do..and you have just not turned on the filters??
and if they dont listen...start forwarding the spam to the tech support....
that usually does it
or switch providers....its painless really...find one with filters
MLF
Last edited by morganlefay; February 9th, 2007 at 06:08 AM.
How people treat you is their karma- how you react is yours-Wayne Dyer
-
February 9th, 2007, 02:26 PM
#5
morganlefay: I don't think taht will help. some one is useing tonys account as a spam relay...tony if you could get them to look at the mail queue durign one of the spikes I bet it would be loaded with spam.
Who is more trustworthy then all of the gurus or Buddha’s?
-
February 9th, 2007, 03:02 PM
#6
Is this an ISP mailserver...or do you have your own mail server??
If its your mail server...what flavor??
If its the isps mail server....change ISPs...cause they dont seem to have a fricken clue if they are allowing mail to relay
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
February 9th, 2007, 08:07 PM
#7
If the account were being used as a spam relay wouldn't we be talking about a large amount of SMTP traffic rather then POP3?
Seems it's time to find a new provider. Without access to the system, network or detailed logs you are likely S.O.L.
-
February 10th, 2007, 07:17 AM
#8
If it really is POP traffic ..change passwords..
make sure the machines accessing the the mail are clean....
if it is smpt........check the mail server....
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
Similar Threads
-
By phishphreek in forum General Computer Discussions
Replies: 4
Last Post: September 17th, 2004, 03:21 AM
-
By ol jeb in forum AntiOnline's General Chit Chat
Replies: 1
Last Post: January 28th, 2004, 09:16 PM
-
By sickyourIT in forum Other Tutorials Forum
Replies: 27
Last Post: July 9th, 2003, 07:54 AM
-
By problemchild in forum The Security Tutorials Forum
Replies: 1
Last Post: September 5th, 2002, 06:53 PM
-
By Remote_Access_ in forum Security News
Replies: 2
Last Post: July 16th, 2002, 10:07 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|