Fix cPHulk Brute Force Protection lock out

In this article I’m going to show you how you can fix a cPHulk Brute Force Protection lock out that you might have accidentally triggered.

It’s my server, why would cPHulk block me?

If you’ve read my previous article on how to enable cPHulk Brute Force Protection, then you should already know that cPHulk blocks login access to core cPanel services for a set amount of time. In some cases you might have kept trying to type in your password incorrectly, and inadvertently got yourself blocked by cPHulk.

Of course you can add your own IP address to the cPHulk white list to prevent failed login attempts coming from your IP to trigger a cPHulk blocking. But if you’ve already gotten yourself blocked, then you’d need to wait the amount of time you’ve set for a block to expire.

In this article I’m going to explain how to SSH directly to your server to reset the cPHulk data, so that you can regain access again.

Just like it’s required to enable cPHulk Brute Force Protection, you also need root access to your server in order to reset the cPHulk data.

Reset cPHulk data to regain access

  1. Login to your server via SSH as the root user.
  2. Run the following command to see login attempts that have happened:

    mysql -e “select * from cphulkd.logins;”

    In this case we can see that we had some login attempts to an email account [email protected] from the IP address 123.123.123.123:

    +——————+—————+———+——–+———————+
    | USER | IP | SERVICE | STATUS | LOGINTIME |
    +——————+—————+———+——–+———————+
    | [email protected] | 123.123.123.123 | mail | 0 | 2013-02-27 13:04:25 |
    | [email protected] | 123.123.123.123 | mail | 0 | 2013-02-27 13:04:29 |
    | [email protected] | 123.123.123.123 | mail | 0 | 2013-02-27 13:04:39 |
    | [email protected] | 123.123.123.123 | mail | 0 | 2013-02-27 13:04:41 |
    | [email protected] | 123.123.123.123 | mail | 0 | 2013-02-27 13:04:48 |
    | [email protected] | 123.123.123.123 | mail | 0 | 2013-02-27 13:04:54 |
    +——————+—————+———+——–+———————+

  3. Next run the following command to find detected bruce force attempts:

    mysql -e “select * from cphulkd.brutes;”

    Here we can see that those email account login attempts cause a brute force block on the IP:

    +—————+——————————————————————————————————————–+———————+———————+
    | IP | NOTES | BRUTETIME | EXPTIME |
    +—————+——————————————————————————————————————–+———————+———————+
    | 123.123.123.123 | 5 failed login attempts to account [email protected] (mail) — Large number of attempts from this IP: 123.123.123.123 | 2013-02-27 13:04:54 | 2013-02-27 13:09:54 |
    +—————+——————————————————————————————————————–+———————+———————+

    If you wanted to, you could simply wait until the EXPTIME which is the expiration time that the block will expire, and then you’ll be able to login again.

  4. If you wanted to go ahead and clear out the block, and regain access right away, then you can run the following commands to re-allow access for the 123.123.123.123 IP address:

    mysql -e “delete from cphulkd.logins where IP=’123.123.123.123′;”
    mysql -e “delete from cphulkd.brutes where IP=’123.123.123.123′;”

You should now understand how you can reset your cPHulk data so that you can regain access to your core cPanel services in the event you accidentally got yourself locked out.

IC
InMotion Hosting Contributor

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

10 Comments

Was this article helpful? Let us know!