Bandwidth stolen?
There might be another possibilty. Last week we had an exploitable php-programm, wich a hacker used to install a iroffer-Programm, to upload Files to our server and download them through an irc-channel. That stole 2 GB in 2 Days. I hope you dont have such a problem, but i wouldnt trust the Plesk-Stats for this. First of all, check the directory-sizes (du -h --max-depth=-1 /home/httpd/vhosts) and look for suspicious big directories. If found one, look what's in there. Again with, du, or even ls. If you find movies or something in a directory, keep the names of the directories in mind. Then i would look in /var/t?mp, for any suspicious installations like "eggdrop" or "iroffer", wich might be inclusive all sources. If you find one, you might get information bout the tool in the README or other info-file. Then kill all processes you find. If the programm was found on /var/t(e)mp, it was an eploitable script on one of your hosts. Check those where you found the files i told you above (movies, tools, mp3's etc). f it was a script , here another tip: edit /etc/php.ini and modify disable_functions like this: disable_functions = system,exec. Then it shouldn't be possible to execute programms over php-exploits.
Facebook
Twitter