Root User locked out (CPHULKD)

**BattousaiX** · 09-05-2009 07:06 AM

I was curious has anyone else seen this happen or know of a solution. It's been a known case recently that repeat failed logins from a single user may result in the user's access getting temporarily terminated. I'm wondering if it's possible for some sort of feature request to whitelist root user from an IP range. I know it's possible to whitelist a range as that's done, but there are times where root may be brute forced, thus locking out root user, not allowing us to login to a server for a half hour or so.

**Spiral** · 09-05-2009 11:35 AM

I'm not sure I entirely follow your question exactly ...

On our servers, we generally whitelist the IPs for the administrators
so that cpHulk ignores login attempts originating from us and we
have never had any problems getting "locked out" ourselves.

**BattousaiX** · 09-05-2009 12:12 PM

I guess if you want to test this occurrence, whitelist your IP, then fail a login with root user using another IP 10 times, then try to login with root via another IP or the white listed IP. For some reason on several of our servers, our root user actually gets blocked.

**Spiral** · 09-05-2009 12:19 PM

Originally Posted by BattousaiX

I guess if you want to test this occurrence, whitelist your IP, then fail a login with root user using another IP 10 times, then try to login with root via another IP or the white listed IP. For some reason on several of our servers, our root user actually gets blocked.

You sure it's CpHulkd doing that?

I just brute force attempted WHM with the root account until it got blocked and then tried to login from an IP that was whitelisted and didn't have any problems connecting back in again.

We do have a back door "trigger" URL that when it shows up in the server logs file tells a monitoring process to wipe all blocks and reset both CpHulk and CSF blocks on our servers. We have not really ever had to use it but you might want to do something similar as a "failsafe" measure.

**BattousaiX** · 09-05-2009 12:24 PM

We were only allowed back into the server when flushing the cphulkd database. Of course this user was already logged into WHM to flush at this occurrence. This has happened in more than one occasion and I have not been able to find anything on this event.

**BattousaiX** · 09-07-2009 05:41 PM

Any other users experience this or have a solution?

LinkBack

Thread Tools

Root User locked out (CPHULKD)

Locked out by cPHulkd

API to check whether the suspended domain is locked by root

cphulk has locked out "root"

Bandwitdh logged on root account when browsing to root/~USER, is this by design?

Does the user for cpanel is the root user for mysql?