The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User "root" locked out after failed login attempts

Discussion in 'General Discussion' started by trbrack, Jun 3, 2014.

  1. trbrack

    trbrack Registered

    Joined:
    Jun 3, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I get lots of email stating:

    Large Number of Failed Login Attempts from IP XX.XXX.XXX.XXX

    The email then provides a link to blacklist these IP's

    Please use the following links to add to the black list:

    Single IP: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX
    /24: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX
    /16: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX

    I click on the link to blacklist the ips but user "root" has been blocked so I cannot even login to block these ips.

    My ip is also whitelisted.

    Any advice?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    If the lockout continues and you can not access SSH, then you may need to obtain console access and disable cPhulk with commands such as:

    Code:
    for i in `ps aux | grep -i "cphulkd - process" | awk {'print $2'}` ;do kill -9 $i ;done
    /usr/local/cpanel/bin/cphulk_pam_ctl --disable
    Note that some users disable cPHulk and utilize a third-party application (e.g. CSF/LFD) to handle brute force attacks. This may be an option for you to consider.

    Thank you.
     
Loading...

Share This Page