User "root" locked out after failed login attempts

trbrack

Registered
Jun 3, 2014
1
0
1
cPanel Access Level
Root Administrator
I get lots of email stating:

Large Number of Failed Login Attempts from IP XX.XXX.XXX.XXX

The email then provides a link to blacklist these IP's

Please use the following links to add to the black list:

Single IP: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX
/24: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX
/16: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX

I click on the link to blacklist the ips but user "root" has been blocked so I cannot even login to block these ips.

My ip is also whitelisted.

Any advice?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello :)

If the lockout continues and you can not access SSH, then you may need to obtain console access and disable cPhulk with commands such as:

Code:
for i in `ps aux | grep -i "cphulkd - process" | awk {'print $2'}` ;do kill -9 $i ;done
/usr/local/cpanel/bin/cphulk_pam_ctl --disable
Note that some users disable cPHulk and utilize a third-party application (e.g. CSF/LFD) to handle brute force attacks. This may be an option for you to consider.

Thank you.