InMotion Hosting Support Center

In this article I'm going to show you how you can fix a cPHulk Brute Force Protection lock out that you might have accidentally triggered.

It's my server, why would cPHulk block me?

If you've read my previous article on how to enable cPHulk Brute Force Protection, then you should already know that cPHulk blocks login access to core cPanel services for a set amount of time. In some cases you might have kept trying to type in your password incorrectly, and inadvertently got yourself blocked by cPHulk.

Of course you can add your own IP address to the cPHulk white list to prevent failed login attempts coming from your IP to trigger a cPHulk blocking. But if you've already gotten yourself blocked, then you'd need to wait the amount of time you've set for a block to expire.

In this article I'm going to explain how to SSH directly to your server to reset the cPHulk data, so that you can regain access again.

Just like it's required to enable cPHulk Brute Force Protection, you also need root access to your server in order to reset the cPHulk data.

Reset cPHulk data to regain access

  1. Login to your server via SSH as the root user.
  2. Run the following command to see login attempts that have happened:

    mysql -e "select * from cphulkd.logins;"

    In this case we can see that we had some login attempts to an email account from the IP address

    | | | mail | 0 | 2013-02-27 13:04:25 |
    | | | mail | 0 | 2013-02-27 13:04:29 |
    | | | mail | 0 | 2013-02-27 13:04:39 |
    | | | mail | 0 | 2013-02-27 13:04:41 |
    | | | mail | 0 | 2013-02-27 13:04:48 |
    | | | mail | 0 | 2013-02-27 13:04:54 |

  3. Next run the following command to find detected bruce force attempts:

    mysql -e "select * from cphulkd.brutes;"

    Here we can see that those email account login attempts cause a brute force block on the IP:

    | | 5 failed login attempts to account (mail) -- Large number of attempts from this IP: | 2013-02-27 13:04:54 | 2013-02-27 13:09:54 |

    If you wanted to, you could simply wait until the EXPTIME which is the expiration time that the block will expire, and then you'll be able to login again.

  4. If you wanted to go ahead and clear out the block, and regain access right away, then you can run the following commands to re-allow access for the IP address:

    mysql -e "delete from cphulkd.logins where IP='';"
    mysql -e "delete from cphulkd.brutes where IP='';"

You should now understand how you can reset your cPHulk data so that you can regain access to your core cPanel services in the event you accidentally got yourself locked out.

Was this article helpful?

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Support Center Login

Our Login page has moved, Click the button below to be taken to the login page.

n/a Points
2018-07-06 1:51 am

i cannot access to the given commands in GCE

2,863 Points
2018-07-06 11:33 am
Sorry to see that. What is the error you are receiving when you run the command?
n/a Points
2018-07-06 1:40 am

Does the command work in Google Cloud Server instances SSH?

2,863 Points
2018-07-06 11:35 am
It appears that MySQL is able to be implemented with their services. However, cpHulk may not be.

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

4 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!