You would also be able to pick up on the excess traffic very quickly by just running netstat. SSH in to your server as root and type: netstat | wc This will tell you how many network connections are currently active. Now type netstat -l You will see a printout of all network connections, IP addresses, port numbers, inbound/outbound, protocol, etc. If you are running a cPanel VPS you have a few more tools at your disposal as well. (1) In your root WHM, go to Server Status > Apache Status. Here you will see a list of all live Apache connections, sorted by process number, showing what IP address is making each request and what URL it is attempting to access (along with a bunch of other helpful stats). Note, this is only for Apache processes, if your connections are on a different port or service, they won't be listed. (2) Also in your root WHM, enable Munin Service Monitor if you haven't already. Note, this is a somewhat resource-intensive utility, so if you are running something as small as a VPS it is likely going to slow your server down or drive your hostnode into swap. That means, don't install it. But if you do have sufficient physical resources to run Munin (turn it on in root WHM under cPanel > Plugins), it provides excellent graphs which will show you the number of active network connections (graphical netstat), Apache connections, RAM usage, inode usage, swap in/out, etc. If you have the resources to be able to run it, it is absolutely awesome ... it's not going to tell you the exact IPs accessing the server, nor in your case whether these connections are coming through the proxy or something else. But it is a great utility you can use to keep an eye on your system status. Great catch on the email deal...... and thank you for sharing that info. Bailey
Confirms the discussion on the proxy thread: Chinese traffic is mostly abusive. I had 5% of my hits eating up 80% of my bandwidth. I blocked them using blockacountry.com and saved bandwidth
I see in my logs some IP address ('Hosts' in awstats, is it the same?) using around 150mb of bandwidth and 10643 loaded pages.... Should I block these?
The most simple and elegant solution to ALL of this is (drum roll)... BLOCK ALL CHINESE TRAFFIC! Useless for ads, inherent for abuse, spam, hacking, and other stuff you don't need. Also you should block Iran traffic too. maxmind.com has everything you need ( for free) go there and find it out.
Its happening here, my awstats is going crazy while my analytics is still normal, same for adsense views. Bandwidth jumped from 6gb to 30gb a day, i had to disable hotlinking and block china traffic through iptables.
Gee, with all the proxies I own on different servers, it's going to be tough to monitor everything all at once. This sucks!
The reason for this is very simple. Awstats, and other server side stat programs see proxy traffic different than they should. Because of the nature of a proxy, these programs will count each image on a proxified page as a hit. Google analytics is the best thing to use to accurately count unique pageviews and hits. This is why I get so frustrated and mad when I see people on here posting awstats or webalizer stats and trying to sell a proxy with these inflated numbers. If you have any other questions, please let me know I'd be glad to assist.
I have problem from china too 221.221.210.225 430503 430503 6.41 GB 28 Nov 2007 - 13:12 221.221.207.146 168025 168025 2.52 GB 28 Nov 2007 - 19:31 216.61.101.247 74944 77229 1.24 GB 28 Nov 2007 - 15:42 consume a lot on my bandwidth.. i have banned already.. hopefully my bandwidth is getting lower
Thanks for the information! I have yet to be hit, however, I have just used blockacountry to ban china! Thanks
Looks as If When I start my Proxy site I would be blocking China and these IP's as well .Thank for information
WOW Thanks alot for this info. One of my clients used 69% of our server loads(about 3gb!). We thought he got ddos attacked =) However this seems much more likely.