My linode is just a sandbox right now for me to play with things, there shouldn't really be any other traffic than myself visiting. For the first few months my bandwidth IO graphs reflected that, it would be at zero except when I visited or a cron fired off an email.
2 days ago I started getting a sustained 1kb/s in, and 1 out. Now it's up to 1kb/s in and 2 out.
I only have a few scattered search engine spiders in my nginx log files, certainly not enough for sustained traffic 24/7. I noticed more ssh hacking attempts, but I've added a few ip addresses to my firewall and most are getting blocked.
How can I figure out this spike in outbound network traffic?
So far I've viewed netstat -a output (which didn't have anything malicious), and I've checked on the logs to see what's getting updated:
Code:
ls -alt /var/log
Am I being paranoid? Want to make sure my box isn't crapping out spam emails or something worse.