Server Probs

Net-MAster

Registered User
Hi,

Over the last few days I have had extremely high traffic, but I don't know why.
I have actually searched the whole system for rootkits etc., but I can't find anything that could be causing the traffic.

Where else could I look, or what should I do now?

---------------
I have a vserver from s4u with Debian

netstat -an
Code:
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:4221            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:51234           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:14534           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 Server IP:40917     217.75.98.138:6667      ESTABLISHED
tcp        0      0 Server IP:39409     217.75.98.138:6669      ESTABLISHED
tcp        0      0 Server IP:52156     217.75.98.138:6667      ESTABLISHED
tcp        0  65213 Server IP:80        194.120.164.10:59857    LAST_ACK
tcp        0      0 Server IP:49844     195.68.221.111:6668     ESTABLISHED
tcp        0      0 Server IP:43748     213.131.131.156:6667    ESTABLISHED
tcp        0   1556 Server IP:22        213.54.220.131:4692     ESTABLISHED
tcp        0      0 Server IP:46168     217.75.98.139:6667      ESTABLISHED
tcp        0      0 Server IP:57716     213.131.131.156:6667    ESTABLISHED
tcp        0      0 Server IP:34620     194.109.129.222:6667    ESTABLISHED
tcp        0      0 Server IP:31337     84.59.68.195:19791      ESTABLISHED
tcp        0      0 Server IP:46721     194.109.129.222:6667    ESTABLISHED
tcp        0      0 Server IP:53819     194.109.129.222:6667    ESTABLISHED
tcp        0      0 Server IP:31337     84.171.214.229:1025     ESTABLISHED
udp        0      0 0.0.0.0:10000           0.0.0.0:*
udp        0      0 0.0.0.0:8888            0.0.0.0:*
udp        0      0 0.0.0.0:8767            0.0.0.0:*
udp        0      0 0.0.0.0:7777            0.0.0.0:*

port 31337: psybnc

greetz nMa
 
So, the traffic comes from Apache, but there is nothing in the logs that could be causing much traffic, and Confixx doesn't show high traffic either.

When Apache is off I only have the normal traffic, but as soon as I turn it back on, the high traffic starts again.

I'm about to install IAM, and then I'll see which port the traffic is running on, but I suspect port 80.
 
Don't you have a log analyzer?
It should show you which files are being requested and how often. Or you look through the logs manually!
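
The per-file check suggested in the reply above, as an added example that is not part of the original thread: it totals requests and bytes sent per requested path and per client from an Apache access log. It assumes the common/combined log format; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Apache common/combined log line: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [29/May/2005:22:33:35 +0200] "GET /files/video.avi HTTP/1.1" 200 73400320 "-" "Mozilla/4.0"
192.0.2.10 - - [29/May/2005:22:33:53 +0200] "GET /files/video.avi HTTP/1.1" 206 52428800 "-" "Mozilla/4.0"
198.51.100.7 - - [29/May/2005:22:34:14 +0200] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [29/May/2005:22:34:15 +0200] "GET /index.html HTTP/1.1" 304 - "-" "Mozilla/5.0"
203.0.113.5 - - [29/May/2005:22:34:43 +0200] "GET /files/video.avi?x=1 HTTP/1.0" 200 73400320 "-" "Wget/1.9"
garbage line that does not parse
"""

def summarize(lines):
    """Return (per_path, per_host, skipped); each map is key -> [requests, bytes]."""
    per_path = defaultdict(lambda: [0, 0])
    per_host = defaultdict(lambda: [0, 0])
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparsable lines instead of hiding them
            continue
        parts = m.group("request").split()
        # Drop the query string so one file is not split across many keys.
        path = parts[1].split("?", 1)[0] if len(parts) >= 2 else "(malformed)"
        # Apache writes "-" when no body bytes were sent (e.g. 304 responses).
        sent = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
        for table, key in ((per_path, path), (per_host, m.group("host"))):
            table[key][0] += 1
            table[key][1] += sent
    return dict(per_path), dict(per_host), skipped

def top(table, n=10):
    """Keys ordered by total bytes sent, largest first."""
    return sorted(table.items(), key=lambda kv: kv[1][1], reverse=True)[:n]

if __name__ == "__main__":
    paths, hosts, skipped = summarize(SAMPLE_LOG.splitlines())
    for title, table in (("by path", paths), ("by client", hosts)):
        print(title)
        for key, (count, sent) in top(table):
            print(f"  {sent / 2**20:10.1f} MiB  {count:5d} req  {key}")
    print("unparsed lines:", skipped)
```

If the totals stay far below what the interface counters show, the excess is not coming from requests logged in this file, so per-vhost `CustomLog` files are worth checking as well.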
 
Does Apache log to any files other than the ones in /var/log/apache2 (access and error log)?

When Apache is on, the high traffic is there immediately, so it must be the web server, but well, there is nothing in the logs that could cause much traffic, although I don't know what the error messages in the error log mean:

Code:
[Sun May 29 22:33:35 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:33:53 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:33:53 2005] [info] (32)Broken pipe: core_output_filter: writing data to the network
[Sun May 29 22:34:14 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:34:14 2005] [info] (32)Broken pipe: core_output_filter: writing data to the network
[Sun May 29 22:34:43 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:34:45 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:34:45 2005] [info] (32)Broken pipe: core_output_filter: writing data to the network
[Sun May 29 22:34:59 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:35:08 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:35:12 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:35:46 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:35:48 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:36:10 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:36:33 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:37:18 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:37:27 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:37:28 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:37:29 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:37:30 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:37:35 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:37:41 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:37:44 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:38:28 2005] [info] (32)Broken pipe: core_output_filter: writing data to the network
[Sun May 29 22:38:30 2005] [info] (32)Broken pipe: core_output_filter: writing data to the network
[Sun May 29 22:39:18 2005] [info] (32)Broken pipe: core_output_filter: writing data to the network
[Sun May 29 22:39:19 2005] [info] (32)Broken pipe: core_output_filter: writing data to the network
[Sun May 29 22:39:20 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:41:41 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:41:48 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:41:50 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:42:11 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:42:20 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:42:23 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:42:33 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:42:37 2005] [info] (32)Broken pipe: core_output_filter: writing data to the network
[Sun May 29 22:42:43 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:42:53 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:42:55 2005] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Sun May 29 22:42:59 2005] [info] (9)Bad file descriptor: core_output_filter: writing data to the network
[Sun May 29 22:42:59 2005] [info] (9)Bad file descriptor: core_output_filter: writing data to the network
 