New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Is this normal?
I have buy (1GB ram) vps with 7 IPs from xvmlabs, and I host 7 small blog there, i found my BW "out" is about 20k-60k bits per second.
and my partial netstat -s like below
Tcp:
1643 active connections openings
15999 passive connection openings
26 failed connection attempts
1161 connection resets received
1 connections established
115694 segments received
140491 segments send out
1331 segments retransmited
3 bad segments received.
1225 resets sent
is it normal for 7 small blog hosted there? I'm afraid my server hacked and ddosing other, but i don't find any suspicious script on "netstat -antup"
any idea?
Comments
Well I can say this, it is definitely not normal if your not the one connected to it, with the 1 connection established.
Please check your auth.log file for more details on who has been logging into your server besides you.
your auth.log is in /var/log/auth.log
because your auth.log will show you who has been logging into your server, including you, so look in there and it will tell you who tried to get into your server, and who was successful into getting in your server, etc.
please pm me and we will talk more about this.
May be check the access log to see if your site is flooded with visitors?
And hide it behind Cloudflare, they take care a lot of unwanted visits.
netstat -s is a mostly upcounting statistic... did you mention for what uptime this should tell anything about? why one should think, this indicates something wrong?
what about mine? ;-)
anything bad in this? (counting 210 days uptime by now)
the established connections are the overall tcp connections, so for sure this may be more than one, at least if you want some visitors connect to your webserver to be able to read your blogs...
if 20-60kbit/s is correct this will result in about 200-600 MB outgoing traffic per day, thats nothing more than a bit googlebots hopping around your blogs.
get some nice statistics like awstats for your blogs to see if the traffic-accounting matches those numbers and who is visiting your sites.
PS: maybe look at your traffic via iftop to see live whats going on ;-)
I use "last" command and only my ip shown in there,
when I posted this thread, my uptime only 10 hours, because just I reboot my vps yesterday.
it's only 40-60 visits / days for all 7 blogs,
so as i mentioned before, I'm afraid my vps ddosing others. but after read this comment then I can breathe easier now. thanks
Well I can only tell you to setup monitoring on it, and if solusvm or whatever panel your provider has shows a huge spike in network activity, then I am afraid to say it but yes your vps is ddosing others, because a huge spike in network activity indicates dos, or ddos. but I just want to make sure you know this, don't be looking just with the last command you want to look through the whole auth.log file from where you think ddos started to now(I know it might be long to look through that, but unfortunately that is what it takes to find out if anyone else got into your vps) because the last command will only show you who was the last person logged in(it will not give you a time span of who else could have got in between then and now.)
thanks, but "last" command already shown last 2 months (from the first time i purchase this vps) login from my vps.