• Hello and welcome! Register to enjoy full access and benefits:

    • Advertise in the Marketplace section for free.
    • Get more visibility with a signature link.
    • Company/website listings.
    • Ask & answer queries.
    • Much more...

    Register here or log in if you're already a member.

  • 🎉 WHV has crossed 56000 (56k) monthly views (unique) and 285135 clicks per month, as per Google Analytics! Thank you for your support! 🎉

How to Detect VPS Abuse: Crypto Mining, Spam, and Bad Bots

johny899

johny899

New Member
Content Writer
Messages
836
Reaction score
3
Points
23
Balance
$1,022.5USD
Have you ever gone to check your VPS and thought, “What on earth is going on with my server?” Yes, I’ve been there, many times, and in most cases, the answer is simple: abuse of your VPS. Let’s discuss how to detect VPS abuse before it affects you in a significant way.

What is VPS Abuse?​

There are three common ways that you can have abuse of your VPS: crypto mining, spam and bad bots. All three slow your server down, abuse your resources, or may even get your IP address blocked.

Crypto Mining​

Hackers *love* copying the mining to your bill and not theirs! Annoying, right? Here’s what you should look for to make the determination:
  • CPU stays extremely high
  • Load jumps +0.5 at nonsensical intervals
  • Weird or random process running using excessive power.
My usual check is to look at top or htop. Once I see a weird process, that is using an unnecessary amount of CPU, I know it's time to take action.

Spam Attacks​

If someone is using your VPS to disseminate spam emails, your IP address will be blacklisted quickly. I have been through this once, and it was an unfortunate event. You can check for issues:
  • Mail queue is growing.
  • Emails you did not send.
  • Mail logs containing errors.
When I had “failed delivery” messages rolling through in all of my logs, I suspected a spam script was running.

Bad Bots​

Bad bots encompass scrapers, scanners, and bruteforce tools.

You can determine bad bot issues when:
  • Start getting large spikes in network traffic.
  • Logs fill with odd user agents.
  • Requests are continuous and pro-longed on your server.
I always think to myself, "Why do bots like to attack my server?" Your guess is as good as mine.

Simple Ways to Identify Abuse​

Here are some easy checks that always help me:

• Monitor CPU and RAM

If they are consistently high, consider something isn’t right.

• Look for network traffic

Too much outgoing traffic could mean spam or bots.

• Review logs

Logs always tell the truth.

• Look into things like:
  • Netdata (live server stats)
  • Fail2Ban (blocks bad logins)
  • ClamAV (malware checker)
Things like these have saved me countless times.

Why This Is Important​

If you ignore VPS abuse, expect:
  • Large bills
  • IP blacklisting
  • Security issues
  • Slow servers
None of these things are good.
 
You must log in or register to reply here.

Support / Help Desk

Blog - (WHV)

Hosting Reviews

Navigation

  1. WHV Forums
    1. WHV - Announcements
    2. General Discussion
    3. Introduction
    4. Web Hosting Forum
    5. Help
    6. News
  2. Marketplace
    1. VPS Offers
    2. Dedicated Server Offers
    3. Shared Hosting Offers
    4. Reseller Hosting Offers
    5. Other Offers (Not Hosting)
    6. Domains
  3. Web Hosting Discussion
    1. Hosting Software & Control Panels
    2. Other Hosting Tutorials
    3. Reviews
    4. Articles
    5. Offtopic
  4. Web Hosting Tutorials
    1. cPanel Tutorials
    2. WHM Reseller Tutorials
    3. DirectAdmin Tutorials
    4. Blesta Tutorials
    5. WHMCS Tutorials
  5. Hosting Extensions
    1. WHMCS Market
    2. Blesta Market
    3. HostBill Market
Top