Today we were locked out of one of our servers by cPHulkd. When trying to access the server from WHM we were getting the following message, so we could not log in to WHM, and we were also not able to access the shell.
—————————————————————————————
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
—————————————————————————————
This is done by ‘cPHulkd’ - cPanel Brute Force Protection service: this service monitors failed authentication attempts and locks out accounts after the threshold is met.
To re-enable your account, log in via SSH and disable cPHulkd using the command below.
# /usr/local/cpanel/bin/cphulk_pam_ctl --disable
This should allow you to log in to WHM and double-check your cPHulk settings.
You can view IP addresses that have been blocked via the WHM interface: WHM -> Security -> Security Center -> cPHulk Brute Force Protection in the Brutes table. On that screen, you can also customize brute force protection settings.
Flush DB will remove all blocked IPs:
WHM -> Security Center -> cPHulk Brute Force Protection -> Click on Flush DB
The other way to do this is given below.
SSH to the server, log in as root, and type the following at the prompt:
mysql
mysql> use cphulkd;
-- BACKUP TABLE was removed in MySQL 5.5; on newer servers back the table up with mysqldump instead
mysql> BACKUP TABLE brutes TO '/path/to/backup/directory';
mysql> SELECT * FROM brutes WHERE `IP`='xxx.xxx.xxx.xxx';
mysql> DELETE FROM brutes WHERE `IP`='xxx.xxx.xxx.xxx';
mysql> quit
or simply
# IP is left unquoted: 'IP' in single quotes is a string literal and would match no rows
mysql -e "DELETE FROM cphulkd.brutes WHERE IP='xxx.xxx.xxx.xxx';"
Hopefully this helps you as well.
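The one-liner above is run as root with a pasted address, so a typo or a stray quote changes the statement that reaches MySQL. The following is an added example, not part of the original post: it validates the address before building the SELECT and DELETE statements. The table and column names are the ones used in the post; the function names `is_ipv4` and `unblock_sql` and the address 203.0.113.7 are made up for illustration.

```shell
#!/bin/sh
# Added example. cphulkd.brutes and the IP column come from the post;
# everything else here is hypothetical.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, bad chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # safe to leave unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the SQL that shows and then removes one blocked address.
# Prints no SQL and returns 1 when the argument is not a valid IPv4 address.
unblock_sql() {
    is_ipv4 "$1" || { echo "refusing: '$1' is not an IPv4 address" >&2; return 1; }
    printf "SELECT * FROM cphulkd.brutes WHERE IP='%s';\n" "$1"
    printf "DELETE FROM cphulkd.brutes WHERE IP='%s';\n" "$1"
}

# Usage as root on the server (mysql reads the statements from stdin):
#   unblock_sql 203.0.113.7 | mysql
```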