Looking at my apache logs, I notice the IP 80.76.216.100 is using up alot of bandwidth recently. Over 80% of total traffic, I googled the ip and found that it's hosting alot of sites. I was wondering if it's some kind of spider index script or a ddos attack, is there a way to find out?
Please paste the logs from apache logs here as well as check the number of connections on IP via netstat command line tool. Which firewall you are using on your server? If you are using iptables then check for the bandwidth usage via iptables -L -v -n
No, it isn't a ddos if it's only 1 ip address. It may be taking up 80% of traffic, but that begs the question - 80% of what? 1mbps? 10mbps? 100mbps? If you have concerns about it doing anything malicious complain to Othellotech who are the owners of this IP and a legitimate and well-known hosting company. Otherwise, just block the IP if you aren't happy about them connecting to you. It's you server/website and you have the right to block whoever you want.
I have blocked them and complained to Othellotech, thanks. btw, it is actually 80% of total data transfered, my server does not host any videos nor large images. I don't know how they used up almost 1TB in a 2-3 days.