Hi Friends, we got a serious problem. Our server bandwidth usage increased dramatically. Each month our server uses 6 GB Internet but it's about two weeks that our server uses 5 GB per day. It cost me a lot. Remotely tried to monitor each node to figure out who uses it. What I saw was very shocking! Results show that our customers overuse the Internet. I think ISPConfig is infected by some PHP or AJAX virus because I checked attacks and all I saw was our customers. Please, anyone who has encountered this kind of problem or knows the answer, let me know. In my country, Internet costs are a lot and I can't afford it. Also, I put a client network monitor as an attachment.
After a couple of minutes, the client page is still processing and sending data to the server. I think it shouldn't do this. I don't know what is going on.
If you have reason to believe it is just one customer, try removing Active for that website settings.
Dear Taleman, thanks for your prompt reply. Well I just monitored for a couple of minutes, I checked randomly for two weeks and after lots of examination observed this as an issue.
Regrettably, we are in a location where, because of US sanctions, we can't pay the license fee. Please offer me an alternative way.
Here is the result of ISPPROTECT:

    !!! DO NOT INTERRUPT THE SCRIPT !!!!
    After the scan is completed, you will find the results also in the following files:
    Malware => /tmp/found_malware_20181028081235.txt
    Wordpress => /tmp/software_wordpress_20181028081235.txt
    Joomla => /tmp/software_joomla_20181028081235.txt
    Drupal => /tmp/software_drupal_20181028081235.txt
    Mediawiki => /tmp/software_mediawiki_20181028081235.txt
    Contao => /tmp/software_contao_20181028081235.txt
    Magentocommerce => /tmp/software_magentocommerce_20181028081235.txt
    Woltlab Burning Board => /tmp/software_woltlab_burning_board_20181028081235.txt
    Cms Made Simple => /tmp/software_cms_made_simple_20181028081235.txt
    Phpmyadmin => /tmp/software_phpmyadmin_20181028081235.txt
    Typo3 => /tmp/software_typo3_20181028081235.txt
    Roundcube => /tmp/software_roundcube_20181028081235.txt
    Shopware => /tmp/software_shopware_20181028081235.txt
    Mysqldumper => /tmp/software_mysqldumper_20181028081235.txt
    Starting scan level 1 ...
    Scanning 45091 files now ...
    Scan level 1 completed. 0 hits.
    Starting scan level 2 ...
    Scanning 25259 files now ...
    Read 119909 whitelist signatures ...
    Scan level 2 completed. 1 hits.
    Searching for open proxy plugin …
    Searching for cryptophp malware …
    ================================
    Found 1 malware file(s)
    ================================
    Malware {ISPP}suspect.big.phpfile in /var/www/clients/client0/web8/web/demo/assets/js/plugins/editors/ace/worker-xquery.js
    ================================
    Starting Wordpress check. This could take a while ...
    Most decent version(s): 4.9.8
    Outdated Wordpress version: 4.4.1 (newest is 4.9.8) in /var/www/clients/client0/web4/web/payamoshir
    Wordpress check found 0 current and 1 outdated versions.
    ================================
    Starting Joomla check. This could take a while ...
    Most decent version(s): 2.5.28, 3.1.3, 3.2.7, 3.6.5, 3.8.13
    Joomla check found 0 current and 0 outdated versions.
    ================================
    Starting Drupal check. This could take a while ...
    Most decent version(s): 6.38, 7.60, 8.6.2
    Drupal check found 0 current and 0 outdated versions.
    ================================
    Starting Mediawiki check. This could take a while ...
    Most decent version(s): 1.31.1
    Mediawiki check found 0 current and 0 outdated versions.
    ================================
    Starting Contao check. This could take a while ...
    Starting Magentocommerce check. This could take a while ...
    Most decent version(s): 1.9.3.10
    Magentocommerce check found 0 current and 0 outdated versions.
    ================================
    Starting Woltlab_burning_board check. This could take a while ...
    Most decent version(s): 4.1.19, 5.0.14, 5.1.4
    Woltlab Burning Board check found 0 current and 0 outdated versions.
    ================================
    Starting Cms_made_simple check. This could take a while ...
    Starting Phpmyadmin check. This could take a while ...
    Most decent version(s): 4.0.10.20, 4.8.3
    Phpmyadmin check found 0 current and 0 outdated versions.
    ================================
    Starting Typo3 check. This could take a while ...
    Most decent version(s): 7.6.31, 8.7.19, 9.4.0, 9.5.0
    Typo3 check found 0 current and 0 outdated versions.
    ================================
    Starting Roundcube check. This could take a while ...
    Starting Shopware check. This could take a while ...
    Starting Mysqldumper check. This could take a while ...
    ================================
    Starting WP plugin vulnerability scan. This could take a while ...
    ================================
    Starting WP plugin version scan. This could take a while ...
    Outdated WP plugin "wp-jalali" version: 5.0.0 (newest is 5.0.1) in /var/www/clients/client0/web4/web/payamoshir
    WP plugin version check found 0 current and 1 outdated versions.
    ================================
    Scan Level 4 (SQL) skipped.
Old versions of software attract malware, so force users to upgrade or shut down the website. Examine the file the script claims contains malware. It may be a false alarm. Those big files are often log files the program writes to but never cleans.
I deleted that malware and waited to see the result of Internet usage within 12 hours. Still, nothing changed and I have that problem. Is there any monitoring program to give me a detailed report of each node's Internet usage and let me know which site uses this Internet and what it is used for?
Run the top command on the shell, then you will probably see which website uses the most resources by looking at which PHP processes of a web[id] user are the topmost. Then look up which website it is and check out the access.log of the site to see what's going on.
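An added example, not part of the post above: one way to follow up on the access.log check is to total the response bytes per client IP or per request path, so the heaviest consumers stand out. It assumes the site log is in Apache "combined" format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank what consumes bandwidth in a site's access.log.
# Assumption: Apache "combined" format, where whitespace-separated field 1 is
# the client IP, field 7 the request path, field 10 the response size in bytes.

# top_by_bytes FIELD [N]
# Reads log lines on stdin, sums bytes per FIELD value (1 = client IP,
# 7 = request path) and prints "bytes requests key", largest total first.
top_by_bytes() {
    field=$1
    limit=${2:-10}
    awk -v f="$field" '
        $10 ~ /^[0-9]+$/ {      # skip "-" sizes (e.g. 304) and broken lines
            bytes[$f] += $10
            hits[$f]++
        }
        END {
            # %.0f instead of %d: some awk builds cap %d at 2^31-1, which
            # multi-gigabyte totals exceed.
            for (k in bytes) printf "%.0f %d %s\n", bytes[k], hits[k], k
        }' | sort -k1,1nr -k3,3 | head -n "$limit"
}

# Constructed sample lines (documentation IP ranges), not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [28/Oct/2018:08:00:01 +0000] "GET /demo/big.zip HTTP/1.1" 200 5000000 "-" "curl/7.58"
203.0.113.5 - - [28/Oct/2018:08:00:09 +0000] "GET /demo/big.zip HTTP/1.1" 200 5000000 "-" "curl/7.58"
198.51.100.7 - - [28/Oct/2018:08:01:12 +0000] "GET /index.php HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Oct/2018:08:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
192.0.2.9 - - [28/Oct/2018:08:02:00 +0000] "GET /index.php HTTP/1.1" 304 - "-" "Mozilla/5.0"
203.0.113.5 - - [28/Oct/2018:08:02:44 +0000] "GET /index.php HTTP/1.1" 200 12000 "-" "curl/7.58"
EOF
}

# Demo on the sample; for a real site use: top_by_bytes 7 20 < path/to/access.log
echo "bytes requests path"
sample_log | top_by_bytes 7 5
echo "bytes requests client"
sample_log | top_by_bytes 1 5
```

A path or client that dominates the byte total is the place to start reading the raw log lines.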
Is nethogs available for your OS? It would show which user is using most bandwidth. If bandwidth is expensive, use quota to limit customers, or charge customers by usage.
Hi till, glad to see your attention to my question. As far as I see this command, it only shows me the system usage, or I couldn't understand your meaning about this command. I don't know if there is a command that lets me know how much Internet is used via which file! I think this way I can find the problem source.
The screenshot posted above was taken via nethogs (in the early post). Would you please let me know how I should use this command (quota)?
I never wrote anything about a quota command. In ISPConfig, go to user settings. There are limit settings you can use to put a quota on bandwidth use.