WHM locked out – cphulkd
cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service. BUT sometimes it becomes troublesome when you are accessing the cPanel with incorrect password and cPanel assuming you as attacker blocks you with below message :
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
To get out of such situation you can disable cphulkd protection :
login via ssh and disable cphulkd using the command below.
# /usr/local/cpanel/bin/cphulk_pam_ctl –disable
This should allow you to login to WHM and double check your cphulk settings.
You can view IP addresses that have been blocked via the WHM interface: WHM -> Security -> Security Center -> cPHulk Brute Force Protection in the Brutes table. On that screen, you can also customize brute force protection settings.
Flush DB will remove all blocked IPs:
WHM >> Security Center >> cPHulk Brute Force Protection >> Click on Flush DB
Well the other way to this is to remove the IP’s blocked by cPHulk from its database .
ssh to the server login as root and type the following at the prompt
mysql> use cphulkd;
mysql>BACKUP TABLE brutes TO ‘/path/to/backup/directory’;
mysql> SELECT * FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
mysql> DELETE FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;