Unlock WHM From Brute Force Error

Posted by cikul | Posted in cpanel, Linux | Posted on 12-03-2011-05-2008

1

cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service. BUT sometimes it becomes troublesome when you are accessing the cPanel with incorrect password and cPanel assuming you as attacker blocks you with below message :

—————————————————————————————
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
—————————————————————————————

to solve from this situation you can disable cphulkd protection :

  1. login via ssh and disable cphulkd using the command below.
    root@host [~]# /usr/local/cpanel/etc/init/stopcphulkd
  2. This will disabled brute force protection and allow you to login to WHM and double check your cphulk settings.
  3. You Flush all IP addresses that have been blocked with cPHulk :
    WHM -> Security -> Security Center -> cPHulk Brute Force Protection -> Flush DB
  4. After Finish, Make Sure to restart cphulkd protection from SSH, simply fire the following command
    root@host [~]# /usr/local/cpanel/etc/init/startcphulkd

Other way is removing the IP’s blocked by cPHulk from its database .

ssh to the server login as root and type the following at the prompt

[root@server:] mysql
mysql> use cphulkd;
mysql>BACKUP TABLE brutes TO ‘/path/to/backup/directory’;
mysql> SELECT * FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
mysql> DELETE FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
mysql>quit

Incoming search terms:

how to flush cphulkd from command line | 

Share and Enjoy

Comments posted (1)

Nice article and really help me.. I was logged in to WHM and I think someone on my internal network tried to logged in too. Suddenly I got logged out and can’t logged ini. I have feeling maybe cPHulk became active and block our IP. So I couldn’t get logged in..
After I tried to disabled cPHulk from CLI, I can login again..

Write a comment

*