The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Brute Force Locked Me Out

Discussion in 'Security' started by vegaskev, Feb 2, 2012.

  1. vegaskev

    vegaskev Member

    Joined:
    Feb 2, 2012
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I have cPHulk enabled on my server. I also have my IP whitelisted. I went to access WHM and was given the BRUTE FORCE PROTECTION LOCKOUT message. I thought that maybe it was slightly possible that I entered the wrong password so I waited until I could enter the username and password again....

    Upon entering the username and password again, I faced the same BRUTE FORCE message.

    I know FOR A FACT that my IP address is whitelisted. And I entered the username and password key-by-key the second time to be 100% sure that I entered it correctly but I was still locked out.

    Did some forum searches and found some results through SSH, however, I am also locked out of SSH.

    Now what can I do?

    Thanks in advance for any assistance.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If you are locked out of both SSH and WHM, then unfortunately you would need to ask your datacenter, NOC or provider to physically access the machine to disable cPHulk for the time being. This is the command that would need to be issued in root SSH in order to disable cPHulk Brute Force Protection:

    Code:
    /usr/local/cpanel/bin/cphulk_pam_ctl --disable
     
  3. vegaskev

    vegaskev Member

    Joined:
    Feb 2, 2012
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    @cPanelTristan

    Thank you for your response. Unfortunately I made the mistake of using GoDaddy *pause for laughter*, so as I'm sure you already know they will be of no assistance, as I can prove from my conversation with them last night. Any other suggestions?

    Thanks in advance.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    They should have to be of assistance if you're locked out. You might try forcing the issue over there.

    Or, drop by a friends house and log in to your server from there, you'd be on a different not blocked IP.
     
  5. big_bull

    big_bull Well-Known Member

    Joined:
    Nov 19, 2006
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    If you got the access, flush the DB or disable it by provided command, or the IP being blocked can be deleted by

    echo "delete from brutes; delete from logins;" | mysql cphulkd

    The question is that, why its treated as Brute Force attack though correct password is used... as I was blocked many times and able to access the WHM only when the IPs deleted from the DB.
     
    #5 big_bull, Feb 4, 2012
    Last edited: Feb 4, 2012
  6. hoststop

    hoststop Well-Known Member

    Joined:
    Dec 6, 2011
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Bolton, UK
    cPanel Access Level:
    Root Administrator
    This depends on the type of connection initiated from the local machine to the server. A in depth look at the logs should help in understanding the exact reason.
     
Loading...

Share This Page