Single email account can't login or change password

[smartmoney]

Start off i am a beginner level user and this is mostly for personal use and learning. It is my server/whm account
I have a single account (family member) that i cannot access any longer using imap. I thought it might be a password issue but i cannot login using webmail either. I then went to cpanel and changed the password and choose "Access Webmail" while logged in. I get the next screen to choose the webmail application and choose "roundcube" and i get the error "login failed" with a blank username and password box. I checked and have my ip whitelisted so its not blocking me as i can login to other email accounts on the same domain.

error in /var/log/maillog
server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<emailaddress@removed/cpses_paewtytjpk>, method=PLAIN, rip=::1, lip=::1, secured, session=<GhtefGRS3JEAAAAAAAAAAAAAAAAAAAAB>

If i try to login to the domain.com/webmail instead of going through cpanel i get the login box, type in email address and password and the next screen again i get to choose the webmail application and choose squirrel mail instead and i get "error please login first go to the login page" and the error in var/log/maillog
Jun 20 09:00:35 server dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<KHnwrGRSdpIAAAAAAAAAAAAAAAAAAAAB>
Jun 20 09:00:37 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<emailaddress@removed>, method=PLAIN, rip=::1, lip=::1, secured, session=<r4XwrGRSeJIAAAAAAAAAAAAAAAAAAAAB>

What could be wrong that this single account i can no longer access?

 

[cPanelMichael]

Hello,

Is cPHulk brute force detection enabled on this system? If so, browse to "WHM >> Security Center >> cPHulk Brute Force Detection" and click on the "History Reports" tab to see if the email account is a blocked user. Also, in cPanel, under Email Accounts, click on the "More" button next to the affected email user to verify the login is not suspended.

Thank you.

 

[smartmoney]

Hello,

Is cPHulk brute force detection enabled on this system? If so, browse to "WHM >> Security Center >> cPHulk Brute Force Detection" and click on the "History Reports" tab to see if the email account is a blocked user. Also, in cPanel, under Email Accounts, click on the "More" button next to the affected email user to verify the login is not suspended.

Thank you.

Thanks Machael,
I did check that the account was not suspended, I actually suspended and un-suspended to make sure before I posted.
I also checked the cPHulk and did whitelist her ip address but never checked her actual email address under "blocked users" and sure enough it is blocked. I disabled cPHulk and was able to login just to check so you were correct her email address was in there as a "blocked user"
Now I know how to unblock/whitelist/blacklist a ip addresses (have a long list of foreign ip's in there) but how do you unblock a cpanel user account/ftp/email address? The email address listed in the "blocked users" is there but the IP is not one she had been using. I was afraid to click the big blue "Remove Blocks and Clear Reports" button as I don't want to remove ALL the auto blocks in there (and there are many)

 

[cPanelMichael]

Now I know how to unblock/whitelist/blacklist a ip addresses (have a long list of foreign ip's in there) but how do you unblock a cpanel user account/ftp/email address?

Hello,

With "Username-based Protection" in cPHulk, it only blocks users for 5 minutes by default. You can configure this value with the “Brute Force Protection Period (in minutes)” option under the "Configuration Settings" tab in "WHM >> cPHulk Brute Force Protection". If you want to clear the existing blocks, you have to click on the "Remove Blocks and Clear Reports" option under the "History Reports" tab. This won't remove entries from your whitelists and blacklists.

Thank you.