What caused that network spike?
For reference about 20GB of data went out over 2 hours before I rebooted.
It's possible that this was legitimate traffic. However, would you expect your site to generate such a large amount of outbound traffic? On the other hand, it's quite possible that some malicious code was uploaded to your Linode by someone. I'd check recent logins, as well as look for any suspicious files or folders, especially in directories where PHP would have write access.
Lots of inbound login attempts still won't explain your traffic spike though.
It's happening again now. I'm looking at tcpdump but not really sure what to look for. Any help?
If you can catch it again you may want to try running this command and then placing it in a pastebin:
tcpdump -nc 1000 -i eth0 not port 22
We might be able to see exactly what it is.
I'm not 100% sure it was happening while that was taken as it seems to have stopped again.
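Added example, not part of the original thread: one way to read the output of the tcpdump command suggested above is to total the bytes the server sent per local port and remote endpoint. The sample capture lines, the 192.0.2.10 server address and the function names are constructed for illustration, and only IPv4 lines in the default (non-verbose) tcpdump format are handled.

```python
import re
from collections import Counter

# IPv4 lines as printed by `tcpdump -n` (no -v), for example:
# 12:00:00.000001 IP 192.0.2.10.80 > 203.0.113.5.51234: Flags [.], ack 1, win 229, length 1448
LINE_RE = re.compile(r"^\S+ IP (\S+) > (\S+): .*?\blength (\d+)")

# Constructed sample capture; 192.0.2.10 stands in for the server's own address.
SAMPLE = """\
12:00:00.000001 IP 192.0.2.10.80 > 203.0.113.5.51234: Flags [.], seq 1:1449, ack 1, win 229, length 1448
12:00:00.000002 IP 192.0.2.10.80 > 203.0.113.5.51234: Flags [.], seq 1449:2897, ack 1, win 229, length 1448
12:00:00.000003 IP 203.0.113.5.51234 > 192.0.2.10.80: Flags [.], ack 2897, win 501, length 0
12:00:00.000004 IP 192.0.2.10.80 > 203.0.113.5.51234: Flags [P.], seq 2897:4345, ack 1, win 229, length 1448
12:00:00.000005 IP 192.0.2.10.53211 > 198.51.100.7.53: UDP, length 512
12:00:00.000006 IP 192.0.2.10.53211 > 198.51.100.7.53: UDP, length 512
12:00:00.000007 IP 192.0.2.10 > 198.51.100.9: ICMP echo request, id 1, seq 1, length 64
12:00:00.000008 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
""".splitlines()

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' into (ip, port); ICMP endpoints carry no port."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), parts[4]
    return endpoint, None

def outbound_summary(lines, local_ip):
    """Return [((local_port, remote_ip, remote_port), packets, bytes)], largest first.

    Bytes are the payload lengths tcpdump prints, so they undercount wire
    traffic slightly, but the ranking of flows is what matters here.
    """
    totals, packets = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP, IPv6 and other formats are skipped
        src_ip, src_port = split_endpoint(m.group(1))
        dst_ip, dst_port = split_endpoint(m.group(2))
        if src_ip != local_ip:
            continue  # inbound packet, not part of the outbound spike
        key = (src_port, dst_ip, dst_port)
        totals[key] += int(m.group(3))
        packets[key] += 1
    return [(key, packets[key], size) for key, size in totals.most_common()]

if __name__ == "__main__":
    for (lport, rip, rport), count, size in outbound_summary(SAMPLE, "192.0.2.10"):
        print(f"local port {lport} -> {rip}:{rport}  {count} pkts  {size} bytes")
```

A top flow whose local port is a service the machine is meant to run (80 here) is the server answering requests; a top flow from a high local port to a remote service is traffic the machine started itself, which is the kind to trace back to a process.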