lnmpa 安装后 流量跑的特快 是什么原因
刚架设好lmap 用探针发现流量跑的特快 是什么原因 昨天安装好后 1天流量流出750G, 以为是被黑了, 然后删除重新装 装好后 网站程序调试好 发现还是老样子流量跑的特快 是什么原因 急!http://58.215.173.61/info/p.php探针地址 这不刚一会 又发送12G了 才10分钟左右
网络使用状况lo : 已接收 : 0.01589 G已发送 : 0.01589 Geth0 : 已接收 : 2.81095 G已发送 : 12.18322 Gsit0 : 已接收 : 0 G已发送 : 0 G
现在跑到120g了
下面是ifconfig的结果
eth0 Link encap:EthernetHWaddr 00:16:3E:01:74:06
inet addr:192.168.10.247Bcast:192.168.31.255Mask:255.255.224.0
inet6 addr: fe80::216:3eff:fe01:7406/64 Scope:Link
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
RX packets:29273660 errors:0 dropped:0 overruns:0 frame:0
TX packets:133755449 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4698500071 (4.3 GiB)TX bytes:129652697104 (120.7 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNINGMTU:16436Metric:1
RX packets:1823885 errors:0 dropped:0 overruns:0 frame:0
TX packets:1823885 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1095526763 (1.0 GiB)TX bytes:1095526763 (1.0 GiB)
这是刚刚监控的结果这样的数据跑的很快 只能复制一点点 ip是不同的 平均2分钟一次 每次ip不一样
58.215.173.133 => 113.6.245.183 170Kb 158Kb 112Kb
<= 0b 0b 0b
58.215.173.34 => 113.6.245.183 159Kb 158Kb 104Kb
<= 0b 0b 0b
58.215.173.148 => 113.6.245.183 156Kb 161Kb 114Kb
<= 0b 0b 0b
58.215.173.118 => 113.6.245.183 151Kb 171Kb 110Kb
<= 0b 0b 0b
58.215.173.26 => 113.6.245.183 151Kb 155Kb 102Kb
<= 0b 0b 0b
58.215.173.181 => 113.6.245.183 148Kb 146Kb 102Kb
<= 0b 0b 0b
58.215.173.135 => 113.6.245.183 148Kb 154Kb 109Kb
<= 0b 0b 0b
58.215.173.106 => 113.6.245.183 146Kb 170Kb 114Kb
<= 0b 0b 0b
58.215.173.168 => 113.6.245.183 144Kb 163Kb 116Kb
<= 0b 0b 0b
58.215.173.245 => 113.6.245.183 144Kb 158Kb 106Kb
<= 0b 0b 0b
58.215.173.198 => 113.6.245.183 141Kb 159Kb 111Kb
<= 0b 0b 0b
58.215.173.121 => 113.6.245.183 140Kb 145Kb 105Kb
<= 0b 0b 0b
58.215.173.98 => 113.6.245.183 139Kb 143Kb 105Kb
<= 0b 0b 0b
58.215.173.196 => 113.6.245.183 139Kb 142Kb 107Kb
<= 0b 0b 0b
58.215.173.153 => 113.6.245.183 138Kb 175Kb 116Kb
<= 0b 0b 0b
58.215.173.11 => 113.6.245.183 137Kb 152Kb 108Kb
<= 0b 0b 0b
58.215.173.212 => 113.6.245.183 135Kb 165Kb 106Kb
<= 0b 0b 0b
58.215.173.112 => 113.6.245.183 135Kb 151Kb 105Kb
<= 0b 0b 0b
58.215.173.73 => 113.6.245.183 132Kb 148Kb 110Kb
<= 0b 0b 0b
58.215.173.110 => 113.6.245.183 132Kb 153Kb 106Kb
<= 0b 0b 0b
58.215.173.157 => 113.6.245.183 131Kb 155Kb 108Kb
<= 0b 0b 0b
58.215.173.1 => 113.6.245.183 130Kb 150Kb 108Kb
<= 0b 0b 0b
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
[ 本帖最后由 lip5201 于 2011-12-29 18:53 编辑 ] ifconfig 看一下 是不是被盗链了啊?
我运行3天才1.5G
每天几百IP
回复 3# 的帖子
这个不好说 刚装好的服务器 没那么快盗链吧!之前发完贴子后一直保持12g多 一直到昨天晚上都是12g多,没在增加 以为没事 刚打开看下 又跑到43g多了我观察了会 增长的不快! 为什么夜里才几个小时啊 跑了30多G eth0 Link encap:EthernetHWaddr 00:16:3E:01:74:06
inet addr:192.168.10.247Bcast:192.168.31.255Mask:255.255.224.0
inet6 addr: fe80::216:3eff:fe01:7406/64 Scope:Link
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
RX packets:29273660 errors:0 dropped:0 overruns:0 frame:0
TX packets:133755449 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4698500071 (4.3 GiB)TX bytes:129652697104 (120.7 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNINGMTU:16436Metric:1
RX packets:1823885 errors:0 dropped:0 overruns:0 frame:0
TX packets:1823885 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1095526763 (1.0 GiB)TX bytes:1095526763 (1.0 GiB) 很可能是被盗链,你可以把nginx停掉,看看流量还跑的很快不 这是刚刚监控的结果这样的数据跑的很快 只能复制一点点 ip是不同的 平均2分钟一次 每次ip不一样
58.215.173.133 => 113.6.245.183 170Kb 158Kb 112Kb
<= 0b 0b 0b
58.215.173.34 => 113.6.245.183 159Kb 158Kb 104Kb
<= 0b 0b 0b
58.215.173.148 => 113.6.245.183 156Kb 161Kb 114Kb
<= 0b 0b 0b
58.215.173.118 => 113.6.245.183 151Kb 171Kb 110Kb
<= 0b 0b 0b
58.215.173.26 => 113.6.245.183 151Kb 155Kb 102Kb
<= 0b 0b 0b
58.215.173.181 => 113.6.245.183 148Kb 146Kb 102Kb
<= 0b 0b 0b
58.215.173.135 => 113.6.245.183 148Kb 154Kb 109Kb
<= 0b 0b 0b
58.215.173.106 => 113.6.245.183 146Kb 170Kb 114Kb
<= 0b 0b 0b
58.215.173.168 => 113.6.245.183 144Kb 163Kb 116Kb
<= 0b 0b 0b
58.215.173.245 => 113.6.245.183 144Kb 158Kb 106Kb
<= 0b 0b 0b
58.215.173.198 => 113.6.245.183 141Kb 159Kb 111Kb
<= 0b 0b 0b
58.215.173.121 => 113.6.245.183 140Kb 145Kb 105Kb
<= 0b 0b 0b
58.215.173.98 => 113.6.245.183 139Kb 143Kb 105Kb
<= 0b 0b 0b
58.215.173.196 => 113.6.245.183 139Kb 142Kb 107Kb
<= 0b 0b 0b
58.215.173.153 => 113.6.245.183 138Kb 175Kb 116Kb
<= 0b 0b 0b
58.215.173.11 => 113.6.245.183 137Kb 152Kb 108Kb
<= 0b 0b 0b
58.215.173.212 => 113.6.245.183 135Kb 165Kb 106Kb
<= 0b 0b 0b
58.215.173.112 => 113.6.245.183 135Kb 151Kb 105Kb
<= 0b 0b 0b
58.215.173.73 => 113.6.245.183 132Kb 148Kb 110Kb
<= 0b 0b 0b
58.215.173.110 => 113.6.245.183 132Kb 153Kb 106Kb
<= 0b 0b 0b
58.215.173.157 => 113.6.245.183 131Kb 155Kb 108Kb
<= 0b 0b 0b
58.215.173.1 => 113.6.245.183 130Kb 150Kb 108Kb
<= 0b 0b 0b 关掉nginx后的 监控数据
192.168.10.247 => google-public-dns-a.google.com 1.42Kb2.66Kb2.02Kb
<= 1.42Kb2.75Kb2.12Kb
192.168.10.247 => 117.26.77.146 3.42Kb3.93Kb4.29Kb
<= 160b 160b 246b
192.168.31.255 => 192.168.15.80 0b 0b 0b
<= 2.77Kb1.75Kb 665b
192.168.31.255 => 192.168.19.210 0b 0b 0b
<= 3.07Kb1.59Kb 579b
192.168.31.255 => 192.168.10.31 0b 0b 0b
<= 2.13Kb1.40Kb 936b
192.168.31.255 => 192.168.12.30 0b 0b 0b
<= 1.22Kb1.13Kb 914b
192.168.31.255 => 192.168.17.191 0b 0b 0b
<= 1.67Kb1.02Kb 346b
192.168.31.255 => 192.168.11.152 0b 0b 0b
<= 1.67Kb1.02Kb 261b
192.168.31.255 => 192.168.16.208 0b 0b 0b
<= 1.67Kb1.02Kb 261b
192.168.31.255 => 192.168.14.127 0b 0b 0b
<= 1.40Kb 984b 246b
192.168.31.255 => 192.168.19.126 0b 0b 0b
<= 0b 981b 400b
192.168.31.255 => 192.168.12.4 0b 0b 0b
<= 1.09Kb 922b 230b
192.168.31.255 => 192.168.11.191 0b 0b 0b
<= 936b 874b 842b
192.168.31.255 => 192.168.10.172 0b 0b 0b
<= 936b 874b 842b
192.168.31.255 => 192.168.16.90 0b 0b 0b
<= 1.67Kb 872b 218b
192.168.31.255 => 192.168.16.9 0b 0b 0b
<= 624b 822b 262b
192.168.31.255 => 192.168.15.15 0b 0b 0b
<= 1.70Kb 822b 262b
192.168.31.255 => 192.168.16.63 0b 0b 0b
<= 1.70Kb 822b 262b
192.168.31.255 => 192.168.14.99 0b 0b 0b
<= 624b 811b 872b
192.168.31.255 => 192.168.11.53 0b 0b 0b
<= 936b 811b 702b
192.168.31.255 => 192.168.13.107 0b 0b 0b
<= 936b 811b 702b
192.168.31.255 => 192.168.11.70 0b 0b 0b
<= 312b 760b 262b 还是会有
58.215.173.24 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 380Kb 213Kb 133Kb
<= 0b 0b 0b
58.215.173.90 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 437Kb 213Kb 129Kb
<= 0b 0b 0b
58.215.173.28 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 379Kb 212Kb 128Kb
<= 0b 0b 0b
58.215.173.149 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 332Kb 212Kb 132Kb
<= 0b 0b 0b
58.215.173.153 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 394Kb 211Kb 130Kb
<= 0b 0b 0b
58.215.173.126 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 375Kb 211Kb 133Kb
<= 0b 0b 0b
58.215.173.21 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 422Kb 210Kb 127Kb
<= 0b 0b 0b
58.215.173.82 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 414Kb 210Kb 133Kb
<= 0b 0b 0b
58.215.173.162 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 359Kb 209Kb 129Kb
<= 0b 0b 0b
58.215.173.57 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 383Kb 209Kb 132Kb
<= 0b 0b 0b
58.215.173.185 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 392Kb 209Kb 131Kb
<= 0b 0b 0b
58.215.173.88 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 365Kb 208Kb 127Kb
<= 0b 0b 0b
58.215.173.89 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 360Kb 208Kb 131Kb
<= 0b 0b 0b
58.215.173.122 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 360Kb 206Kb 127Kb
<= 0b 0b 0b
58.215.173.147 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 353Kb 206Kb 131Kb
<= 0b 0b 0b
58.215.173.180 => 231.32.34.171.adsl-pool.jx.chinaunicom.com 321Kb 206Kb 128Kb
<= 0b 0b 0 被盗了吧
:lol 那要怎么办啊 求解 现在都发几十g了 一会功夫 命令:tcpdump -qne arp
永不停止下面内容 怎么办啊
19:38:22.365985 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.18.12 tell 192.168.0.16
19:38:22.396603 00:16:3e:01:84:04 > Broadcast, ARP, length 60: arp who-has 192.168.12.101 tell 192.168.2.22
19:38:22.755093 00:16:3e:01:79:b5 > Broadcast, ARP, length 60: arp who-has 192.168.2.220 tell 192.168.9.95
19:38:23.293307 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:23.365983 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.18.12 tell 192.168.0.16
19:38:23.755176 00:16:3e:01:79:b5 > Broadcast, ARP, length 60: arp who-has 192.168.2.220 tell 192.168.9.95
19:38:23.964483 00:1b:21:b9:9f:d4 > 00:16:3e:01:74:06, ARP, length 60: arp who-has 192.168.10.247 tell 192.168.0.16
19:38:23.964504 00:16:3e:01:74:06 > 00:1b:21:b9:9f:d4, ARP, length 42: arp reply 192.168.10.247 is-at 00:16:3e:01:74:06
19:38:24.111964 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.16.109 tell 192.168.0.16
19:38:24.293894 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:24.378807 00:16:3e:01:7c:1f > Broadcast, ARP, length 60: arp who-has 192.168.0.6 tell 192.168.14.123
19:38:24.382773 00:16:3e:01:7c:1f > Broadcast, ARP, length 60: arp who-has 192.168.0.6 tell 192.168.14.123
19:38:24.455990 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.18.12 tell 192.168.0.16
19:38:24.662329 00:16:3e:01:79:2a > Broadcast, ARP, length 60: arp who-has 192.168.12.101 tell 192.168.12.57
19:38:24.755156 00:16:3e:01:79:b5 > Broadcast, ARP, length 60: arp who-has 192.168.2.220 tell 192.168.9.95
19:38:25.054251 00:16:3e:01:73:65 > Broadcast, ARP, length 60: arp who-has 192.168.14.43 tell 192.168.18.2
19:38:25.298380 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:25.456061 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.18.12 tell 192.168.0.16
19:38:25.731013 00:16:3e:01:7c:af > Broadcast, ARP, length 60: arp who-has 192.168.1.231 tell 192.168.16.187
19:38:25.860834 00:16:3e:01:73:50 > Broadcast, ARP, length 60: arp who-has 192.168.11.125 tell 192.168.10.31
19:38:26.318144 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:26.455958 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.18.12 tell 192.168.0.16
19:38:26.611018 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.11.67 tell 192.168.0.16
19:38:26.755420 00:16:3e:01:79:b5 > Broadcast, ARP, length 60: arp who-has 192.168.2.220 tell 192.168.9.95
19:38:26.913123 00:16:3e:01:7c:2f > Broadcast, ARP, length 60: arp who-has 192.168.12.101 tell 192.168.15.146
19:38:26.965271 00:16:3e:01:7b:9b > Broadcast, ARP, length 60: arp who-has 192.168.15.147 tell 192.168.15.128
19:38:27.004811 00:16:3e:01:7a:5d > Broadcast, ARP, length 60: arp who-has 192.168.0.1 tell 192.168.17.137
19:38:27.317861 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:27.612075 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.11.67 tell 192.168.0.16
19:38:27.755475 00:16:3e:01:79:b5 > Broadcast, ARP, length 60: arp who-has 192.168.2.220 tell 192.168.9.95
19:38:27.812647 00:16:3e:01:82:10 > Broadcast, ARP, length 60: arp who-has 192.168.0.1 tell 192.168.19.30
19:38:28.321699 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:28.476055 00:16:3e:01:84:02 > Broadcast, ARP, length 60: arp who-has 192.168.0.6 tell 192.168.19.254
19:38:28.612034 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.11.67 tell 192.168.0.16
19:38:28.755467 00:16:3e:01:79:b5 > Broadcast, ARP, length 60: arp who-has 192.168.2.220 tell 192.168.9.95
19:38:28.958922 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.10.207 tell 192.168.0.16
19:38:29.162875 00:16:3e:01:81:2b > Broadcast, ARP, length 60: arp who-has 192.168.12.101 tell 192.168.19.173
19:38:29.342833 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:29.403006 00:16:3e:01:74:1f > Broadcast, ARP, length 60: arp who-has 192.168.0.3 tell 192.168.10.124
19:38:29.931058 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.16.144 tell 192.168.0.16
19:38:30.230873 00:16:3e:01:82:d6 > Broadcast, ARP, length 60: arp who-has 192.168.1.231 tell 192.168.19.9
19:38:30.341062 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:30.553184 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.10.204 tell 192.168.0.16
19:38:30.755653 00:16:3e:01:79:b5 > Broadcast, ARP, length 60: arp who-has 192.168.2.220 tell 192.168.9.95
19:38:30.811935 00:16:3e:01:7a:9c > Broadcast, ARP, length 60: arp who-has 192.168.0.6 tell 192.168.11.89
19:38:31.002242 00:16:3e:01:73:50 > Broadcast, ARP, length 60: arp who-has 192.168.15.150 tell 192.168.10.31
19:38:31.346974 00:16:3e:01:6f:35 > Broadcast, ARP, length 60: arp who-has 192.168.1.205 tell 192.168.1.48
19:38:31.413598 00:16:3e:01:80:a0 > Broadcast, ARP, length 60: arp who-has 192.168.12.101 tell 192.168.2.147
19:38:31.552868 00:1b:21:b9:9f:d4 > Broadcast, ARP, length 60: arp who-has 192.168.10.204 tell 192.168.0.16
19:38:31.755612 00:16:3e:01:79:b5 > Broadcast, ARP, length 60: arp who-has 192.168.2.220 tell 192.168.9.95
19:38:31.807056 00:16:3e:01:82:fd > Broadcast, ARP, length 60: arp who-has 192.168.14.43 tell 192.168.2.121
回复 13# 的帖子
联系一下机房处理吧
页:
[1]