I was curious has anyone else seen this happen or know of a solution. It's been a known case recently that repeat failed logins from a single user may result in the user's access getting temporarily terminated. I'm wondering if it's possible for some sort of feature request to whitelist root user from an IP range. I know it's possible to whitelist a range as that's done, but there are times where root may be brute forced, thus locking out root user, not allowing us to login to a server for a half hour or so.
I guess if you want to test this occurrence, whitelist your IP, then fail a login with root user using another IP 10 times, then try to login with root via another IP or the white listed IP. For some reason on several of our servers, our root user actually gets blocked.
You sure it's CpHulkd doing that?
I just brute force attempted WHM with the root account until it got blocked and then tried to login from an IP that was whitelisted and didn't have any problems connecting back in again.
We do have a back door "trigger" URL that when it shows up in the server logs file tells a monitoring process to wipe all blocks and reset both CpHulk and CSF blocks on our servers. We have not really ever had to use it but you might want to do something similar as a "failsafe" measure.
Last edited:
We were only allowed back into the server when flushing the cphulkd database. Of course this user was already logged into WHM to flush at this occurrence. This has happened in more than one occasion and I have not been able to find anything on this event.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| N | Security Questions for root (WHM) only (and not cPanel users) ? | Security | 2 | |
|
SSH access for a non root user | Security | 2 | |
| V | crontab behaving differently with root and user | Security | 6 | |
| T | Login to cPanel user with reseller or root password | Security | 2 | |
| T | User "root" locked out after failed login attempts | Security | 1 |