I have received some alerts from AWS that my instance is sending out large amounts of data to some websites, close to and greater than 10TB a month.
I have WordPress and Apache installed on this EC2 instance.
I ran iftop from this answer.
I get this result:
ip-xx-xxx-x-xx.xx-xxx-x.compute.xxxxx => xxx.xx.xx.x 4.33kb 48.2kb 59.6kb
                                      <= 141kb 3.45Mb 4.18Mb
ip-xx-xxx-x-xx.xx-xxx-x.compute.xxxxx => yyy.yyy.yy.yyy 20.7kb 23.9kb 9.22kb
If I run nethogs, I get:
? root my-ec2-ipaddress:randomportnumber-externalipaddress:80 0.021 0.182 KB/sec
? root my-ec2-ipaddress:randomportnumber-externalipaddress:80 0.021 0.12 KB/sec
? root my-ec2-ipaddress:randomportnumber-externalipaddress:80 0.021 0.185 KB/sec
? root my-ec2-ipaddress:randomportnumber-externalipaddress:80 0.021 0.152 KB/sec
How do I find the offending program?