The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Brute Force blocked me. how to unblock with ssh?

Discussion in 'General Discussion' started by Dreamy, Oct 11, 2009.

  1. Dreamy

    Dreamy Well-Known Member

    Joined:
    Sep 16, 2008
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    # Solved # Brute Force blocked me. how to unblock with ssh? # Solved #

    what kind of command in ssh terminal would show me list of blocked IP addresses?

    how to unblock specified IP ?
     
    #1 Dreamy, Oct 11, 2009
    Last edited: Oct 11, 2009
  2. robbie_troster

    robbie_troster Well-Known Member

    Joined:
    Mar 26, 2009
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    easiest thing to do is just restart your router. It'll change your IP for you.

    Or

    Restart the server and that will clear the brute force.

    Or

    Just wait until the time is up
     
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Which brute force mechanism are you using? You can find the block in iptables by doing this:

    /sbin/iptables -n -L|grep IP#

    Where IP# is your IP#

    If you know which firewall you are running and the brute force script is part of it, just cd to the location such as /etc/csf or /etc/apf and then egrep for your IP:

    egrep IP# *

    You'll find which files it placed the IP into. After that, then add your IP to the whitelist, which you should always do:

    apf -a IP#
    or
    csf -a IP#

    So you don't get blocked again.

    Thanks.

    [Edit] Guess you already got it figured out and you are using cphulk rather than LFD / BFD. You should still ensure to whitelist your IP, though.
     
    #3 cPanelTristan, Oct 11, 2009
    Last edited: Oct 11, 2009
  4. Dreamy

    Dreamy Well-Known Member

    Joined:
    Sep 16, 2008
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Im root user of the server and I should wait?!
    I waited for 20 mins and it still says Im blocked.
    how to unblock via terminal?

    By the way I have STATIC IP on my router!

    Edit: Fixed, I used following command..
    # echo "delete from brutes; delete from logins;" | mysql cphulkd
     
    #4 Dreamy, Oct 11, 2009
    Last edited: Oct 11, 2009
  5. labahost

    labahost Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    This helped me too. But the question is why I was blocked by "Brute Force" ? (Can it be because Firefox restores tabs opened by me?) But it wasn't happening before.
    Also this command seems to remove blocking temporarily. Does it mean that I'm infected? (I'm accessing it from Ubuntu, so it's not probable) How otherwise this blocking can be triggered? (It seem to have very weird behavior)
     
    #5 labahost, Oct 21, 2009
    Last edited: Oct 21, 2009
Loading...

Share This Page