
Thread: I think we're in for another slowdown today at the usual time.

  1. #1
    Join Date
    Dec 2003
    Location
    1/2 Way tween Chicago & Milwaukee
    Posts
    844

    I think we're in for another slowdown today at the usual time.

    Here's a link to what my eth0 card is doing, and for some reason, starting Sat afternoon, outbound traffic has been running way high on my server. It's continuing now (even after yesterday's reboot) and I can't figure out what exactly is causing it. You can see in the graphs that Sunday night I moved my DB off to a back end network. The green goes way down, but the outbound stays high.

    You can see on the yearly graph when I implemented the separate DB server, the first of the year. But since Sunday night, that green traffic is down, but the blue line, outbound traffic, stays high.

    http://www.bimmer.info/ed/outside.html

    I can't believe the way the pattern is, that it could be one person doing FTP, especially since after the reboot it stays high. And it's high all day, with some minor peaks. But anyway, any Linux/UNIX gurus got any ideas? I'm going to go look at the logs for that time on Sat to see what I can find.

    http://www.bimmer.info/ed/outside.html

    A Bimmer Nut for sure: '04 530im (current daily driver), '97 m3, '98 323is, '99 Z3, '01 740iL, '06 330cicm zhp, '02 R1150R, '69 r60, Owner/Operator of www.Bimmer.info and www.BimmerNut.com
    And I still maintain: '90 535im (sold to daughters best friend, one of my favorite bimmers), '92 525im (daughters other best friend now drives this one).

  2. #2
    Join Date
    Dec 2003
    Location
    Austin, TX
    Posts
    1,181

    Looks like someone hacked the server, and is whoring the outbound bandwidth!

    http://www.ethereal.com/download.html

    Try that packet sniffer and see how much traffic you have on Port 21, or what other port is clogging it up.
    1995 540iA M-Sport - 76k miles. 1 of 1 auto AW3 cars.
    1995 540i/6 - Misc Parts donor for above.

  3. #3
    Join Date
    Apr 2004
    Location
    Dallas, TX
    Posts
    99


    I'm not an expert just reading 2 graphs, but something to look at:

    Scan for new program installs and folders, since the slowdown, esp. if you have SMTP running. Someone could have hacked your server and is using it to auto-send massive amounts of spam email out. This happens all the time. If you don't need SMTP, shut it down.
    ...Bill

  4. #4
    Join Date
    Nov 2004
    Location
    Winston-Salem, NC
    Posts
    603

    Someone has hacked you

    Ed,

    I am no UNIX pro, but last Nov. the transfer speeds for my broadband connection went from 2.6MBps to 4kbps. After contacting the ISP, I was told someone in the neighborhood was using the bandwidth for an illegal file server.

    Someone has hacked your system and whether it's spamming, ftp, or using your bandwidth to host a stealth site, someone's definitely on your system.
    I've noticed that the slowdown happens during the day, which would make sense if you didn't want your "host" to know about you.

    (kinda OT) Just so you know Ed, I appreciate you setting up this forum and letting us play. I also hope your interview went well yesterday.
    -ashley


    '92 525iA / 179k miles / Born 3.92 / ABS / No ASC / stock / North Carolina



    Paper Gaskets Suck!

  5. #5
    Join Date
    Dec 2003
    Location
    1/2 Way tween Chicago & Milwaukee
    Posts
    844

    Good info guys. The SMTP thing might be something. I'll do as you suggest d00d. I did check the normal SMTP traffic (I should really say usage), and it's real low. I do need SMTP but I could also move that to another server. I may try turning it off during this afternoon's pinch.

    Ashley, I know that might be a possibility too. But the graph I'm showing you is the activity on my server, not on my router, so someone could be hijacking my wireless router access, but it should not show up on my server's stats. My server is the one that's doing all that "outbound". And it's immediate, even after a boot, so I could see a script that might be hidden using my SMTP up. Although, now that I think of it, SMTP activity is not what I'm seeing in a TOP command during the problem periods. It's always HTTP. Hmmm, the mystery may go on.

    A Bimmer Nut for sure: '04 530im (current daily driver), '97 m3, '98 323is, '99 Z3, '01 740iL, '06 330cicm zhp, '02 R1150R, '69 r60, Owner/Operator of www.Bimmer.info and www.BimmerNut.com
    And I still maintain: '90 535im (sold to daughters best friend, one of my favorite bimmers), '92 525im (daughters other best friend now drives this one).

  6. #6
    Join Date
    Dec 2003
    Location
    Austin, TX
    Posts
    1,181


    Wonder if they're relaying something via the HTTP Port. Check to see if it's the same server being relayed, or if it is actually just a lot of legit traffic.
    1995 540iA M-Sport - 76k miles. 1 of 1 auto AW3 cars.
    1995 540i/6 - Misc Parts donor for above.
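
One way to run the check suggested in this thread (is the outbound HTTP traffic ordinary visitors, or one client relaying through the web server?), as an added example that is not part of any post. It assumes the web server writes Apache-style "combined" access logs; the log lines, addresses and hostnames below are constructed samples.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (assumption: not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [08/Feb/2005:14:01:02 -0600] "GET /forums/index.php HTTP/1.1" 200 18234 "-" "Mozilla/5.0"
198.51.100.9 - - [08/Feb/2005:14:01:03 -0600] "GET http://example.org/banner.gif HTTP/1.0" 200 734003 "-" "-"
198.51.100.9 - - [08/Feb/2005:14:01:04 -0600] "CONNECT mail.example.net:25 HTTP/1.0" 200 512000 "-" "-"
203.0.113.7 - - [08/Feb/2005:14:01:09 -0600] "GET /images/logo.png HTTP/1.1" 304 - "-" "Mozilla/5.0"
192.0.2.44 - - [08/Feb/2005:14:01:11 -0600] "GET /ed/outside.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [08/Feb/2005:14:01:15 -0600] "GET http://example.org/page2 HTTP/1.0" 200 650000 "-" "-"
"""

# client, method, request target, status, response size ("-" means no body sent)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\d+|-)')

def summarize(lines):
    """Total the bytes sent per client and per target; collect proxy-style requests."""
    by_client, by_target, proxy_style = Counter(), Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, target, status, size = m.groups()
        sent = 0 if size == "-" else int(size)
        by_client[client] += sent
        by_target[target] += sent
        # CONNECT, or a full URL as the target, is how a client asks a web
        # server to fetch or tunnel on its behalf. A 2xx status on such a line
        # means the server honoured it and deserves a closer look.
        if method == "CONNECT" or target.lower().startswith(("http://", "https://")):
            proxy_style.append((client, method, target, status))
    return by_client, by_target, proxy_style

def top_talkers(by_client, n=3):
    """Return (client, bytes sent, share of all bytes) for the n heaviest clients."""
    total = sum(by_client.values()) or 1
    return [(ip, sent, round(sent / total, 3)) for ip, sent in by_client.most_common(n)]

if __name__ == "__main__":
    clients, targets, relayed = summarize(SAMPLE_LOG.splitlines())
    for ip, sent, share in top_talkers(clients):
        print(f"{ip:15} {sent:>10} bytes  {share:.1%}")
    for hit in relayed:
        print("proxy-style request:", *hit)
```

On a real server, pass the lines of the access log covering the slowdown window to `summarize()` instead of `SAMPLE_LOG`; outbound bytes spread across many clients and local paths point to legitimate load, while one client dominating with proxy-style requests points to relaying.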
