User "root" locked out after failed login attempts

[trbrack]

I get lots of email stating:

Large Number of Failed Login Attempts from IP XX.XXX.XXX.XXX

The email then provides a link to blacklist these IP's

Please use the following links to add to the black list:

Single IP: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX
/24: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX
/16: /https://yada.mydomain.com:2087/cgi/bl.cgi?ip=XX.XXX.XXX.XXX

I click on the link to blacklist the ips but user "root" has been blocked so I cannot even login to block these ips.

My ip is also whitelisted.

Any advice?

 

[cPanelMichael]

Hello

If the lockout continues and you can not access SSH, then you may need to obtain console access and disable cPhulk with commands such as:

for i in `ps aux | grep -i "cphulkd - process" | awk {'print $2'}` ;do kill -9 $i ;done
/usr/local/cpanel/bin/cphulk_pam_ctl --disable

Note that some users disable cPHulk and utilize a third-party application (e.g. CSF/LFD) to handle brute force attacks. This may be an option for you to consider.

Thank you.