
remove an IP from the cphulkd blacklist

January 20th, 2009

 

User root blocked – cPHulk Brute Force Protection

Source: http://hostechs.com/2008/10/user-root-blocked-cphulk-brute-force-protection

 

Had a few clients lately blocking themselves out, and when I say blocking I mean blocking the user root, because they entered the wrong password more than X times when Brute Force Protection was enabled on the server.

Of course, they were then unable to log in to the server as root, and what is more, no one was able to log in over an SSH connection.

A way around this is to access the server in single-user mode and delete the blocked users:

mysql cphulkd
mysql> delete from brutes;
mysql> delete from logins;
mysql> quit

This usually happens if the following setting is set too low when setting up Brute Force Protection:

Maximum Failures By Account:

If you run into this kind of issue, you may want to create a second user on the server and add that user to sudoers (/etc/sudoers), so that if you lock the root user out you will still be able to access the server and fix the problem.

All of this also applies to anyone who uses another user to connect to the server and has root SSH access disabled.

 

 

 

How to remove an IP from the cphulkd blacklist

Source : http://openhelp.info/index.php?option=com_content&task=view&id=60&Itemid=33 

 

cPHulk Brute Force Protection prevents malicious forces from trying to access your server's services by guessing the login password for that service.

It blacklists IPs that it thinks are trying to run a brute force attack.

Follow the steps below to remove a blacklisted IP:
1) Log in to MySQL.
root@server [/var/log]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 425476 to server version: 3.23.58
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+------------+
| Database   |
+------------+
| cphulkd    |
| eximstats  |
| horde      |
| mail       |
| mirror_com |
| mysql      |
+------------+
9 rows in set (0.02 sec)
2) "use" the cphulkd database and show the tables inside it.
mysql> use cphulkd
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+-------------------+
| Tables_in_cphulkd |
+-------------------+
| auths             |
| brutes            |
| logins            |
+-------------------+
3 rows in set (0.00 sec)
mysql>
3) Check the blacklisted IPs in the tables brutes and logins.
mysql> select * from brutes;
+--------------+-------------------------------------+
| IP           | NOTES                               |
+--------------+-------------------------------------+
| 24.90.253.66 | 6 login failures to ad@ope.in (ftp) |
+--------------+-------------------------------------+
1 row in set (0.00 sec)
mysql>
4) Remove the IP address from the table and restart the cPanel service.
mysql> delete from brutes where IP='11.20.254.56';
Query OK, 1 row affected (0.00 sec)
mysql>   
5) Restart cPanel service.
service cpanel restart
This will fix the issue.
Note: the error log for cphulkd is /usr/local/cpanel/logs/cphulkd_errors.log

If you want to remove all the IPs that cPHulk has blacklisted, just issue the following MySQL query:

delete from brutes;   (brutes is the table name here)
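
A narrower alternative to emptying the whole table, as an added example that is not part of either source article: the script below validates the address and deletes only its row from brutes, so addresses that cPHulk blocked for real guessing attempts stay blocked. The function names are made up for this example; the table and column names are the ones shown in the output above.

```shell
#!/bin/sh
# Added example: unblock ONE address from cPHulk instead of emptying the table.
# Table "brutes" and columns "IP"/"NOTES" come from the output shown on this page;
# the function names below are made up for this example.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0-255.
# Rejecting everything else keeps quotes and stray SQL out of the query text.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the SQL for one address: first the row that will go, then the delete.
unblock_sql() {
    valid_ipv4 "$1" || { echo "refusing: '$1' is not an IPv4 address" >&2; return 1; }
    printf "SELECT IP, NOTES FROM brutes WHERE IP='%s';\n" "$1"
    printf "DELETE FROM brutes WHERE IP='%s';\n" "$1"
}

# Run it against the cphulkd database as on this page (run as root on the server).
unblock_ip() {
    sql=$(unblock_sql "$1") || return 1
    printf '%s\n' "$sql" | mysql --table cphulkd
}

# Only act when an address is given, e.g.: sh unblock.sh 203.0.113.7
# (203.0.113.7 is a documentation address used as a sample value)
if [ "$#" -gt 0 ]; then
    unblock_ip "$1"
fi
```

After the delete, step 5 above (service cpanel restart) still applies.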
