The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Root User locked out (CPHULKD)

Discussion in 'General Discussion' started by dcrouch, Sep 5, 2009.

  1. dcrouch

    dcrouch Active Member
    PartnerNOC

    Joined:
    Oct 11, 2004
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    I was curious has anyone else seen this happen or know of a solution. It's been a known case recently that repeat failed logins from a single user may result in the user's access getting temporarily terminated. I'm wondering if it's possible for some sort of feature request to whitelist root user from an IP range. I know it's possible to whitelist a range as that's done, but there are times where root may be brute forced, thus locking out root user, not allowing us to login to a server for a half hour or so.
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I'm not sure I entirely follow your question exactly ...

    On our servers, we generally whitelist the IPs for the administrators
    so that cpHulk ignores login attempts originating from us and we
    have never had any problems getting "locked out" ourselves.
     
  3. dcrouch

    dcrouch Active Member
    PartnerNOC

    Joined:
    Oct 11, 2004
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    I guess if you want to test this occurrence, whitelist your IP, then fail a login with root user using another IP 10 times, then try to login with root via another IP or the white listed IP. For some reason on several of our servers, our root user actually gets blocked.
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    You sure it's CpHulkd doing that?

    I just brute force attempted WHM with the root account until it got blocked and then tried to login from an IP that was whitelisted and didn't have any problems connecting back in again.

    We do have a back door "trigger" URL that when it shows up in the server logs file tells a monitoring process to wipe all blocks and reset both CpHulk and CSF blocks on our servers. We have not really ever had to use it but you might want to do something similar as a "failsafe" measure.
     
    #4 Spiral, Sep 5, 2009
    Last edited: Sep 5, 2009
  5. dcrouch

    dcrouch Active Member
    PartnerNOC

    Joined:
    Oct 11, 2004
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    We were only allowed back into the server when flushing the cphulkd database. Of course this user was already logged into WHM to flush at this occurrence. This has happened in more than one occasion and I have not been able to find anything on this event.
     
  6. dcrouch

    dcrouch Active Member
    PartnerNOC

    Joined:
    Oct 11, 2004
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Any other users experience this or have a solution?
     
Loading...

Share This Page