cPHulk Brute Force Protection
It is essential protection system to have on the the server. The only problem arises when you yourself locked out of your server due to cPHulk
You can use to execute the following script via WHM
/scripts2/doautofixer?autofix=disable_cphulkd
To do so type the following line into your browser’s address bar:
http://yourserver.com:2086:/scripts2/doautofixer?autofix=disable_cphulkd
Note :: yourserver.com shall be replaced with your servers HostName or IP
Still if you not able to login to the server. You may use the following way to get the cPHulk database flushed.
cPHulk stores all of its information in a database called cphulkd. There are two tables of interest: logins and brutes
The logins table stores login authentication failures. The brutes table stores other authentication failures indicative of a brute force attack
You can check it as I did, login to the server as root using SSH and got to mysql prompt
root@loudwater [~]# mysql
Now Connect to the cphulkd Database
mysql> connect cphulkd
To get your self unblocked first check the blacklisted IPs
mysql> select IP, LOGINTIME from logins order by LOGINTIME;
mysql> select IP, BRUTETIME from brutes order by BRUTETIME;
Now Flush the cPHulk Database
mysql> delete from brutes;
mysql> delete from logins;
You can verify it again by using the same procedure this time you should get output as below
If you wish to disable cPHulk use following command
/usr/local/cpanel/bin/cphulk_pam_ctl –disable
To enable cPHulk use
/usr/local/cpanel/bin/cphulk_pam_ctl –enable.
