Centos as test server
Current situation – you are locked out and can't use WHM, SSH or anything else to log in.
You may or may not remember the password. In either case you can follow these steps to unblock yourself.
1. Boot any other Linux OS from a live CD. I prefer the FINNIX ISO for such cases.
2. Mount your main disk.
mount /dev/vda1 /mnt
3. Reset the password if needed
chroot /mnt passwd
4. Enter the new password for root and confirm it
5. Reboot and done.
In case you have been locked out by WHM/cPanel:
1. Boot any other Linux OS from a live CD. I prefer the FINNIX ISO for such cases.
2. Mount your main disk.
mount /dev/vda1 /mnt
3. Stop the cphulk service (brute force protection)
chroot /mnt /usr/local/cpanel/etc/init/stopcphulkd
chroot /mnt /usr/local/cpanel/bin/cphulk_pam_ctl --disable
4. Remove the cphulk enabled flag so that it does not start automatically after restart
chroot /mnt rm /var/cpanel/hulkd/enabled
5. Reboot and done
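Both procedures above run chroot against whatever is mounted at /mnt, so it is worth confirming first that the mounted partition is the server's root filesystem and seeing whether cPHulk is enabled on it. The script below is an added example, not part of the original post; the function names are hypothetical and the paths are the ones used on this page.

```shell
#!/bin/sh
# Preflight for the live-CD recovery steps: inspect the filesystem mounted
# at a mount point (default /mnt) before running any chroot command.
# Function names are hypothetical; paths are the ones used on this page.

# looks_like_root MNT: succeeds only if MNT holds a root filesystem
# (a wrong partition, e.g. /boot, has no etc/shadow or passwd binary).
looks_like_root() {
    mnt=$1
    [ -f "$mnt/etc/shadow" ] || return 1
    [ -x "$mnt/usr/bin/passwd" ] || [ -x "$mnt/bin/passwd" ] || return 1
    return 0
}

# cphulk_state MNT: prints not-installed, enabled or disabled.
# /var/cpanel/hulkd/enabled is the flag file removed in step 4.
cphulk_state() {
    mnt=$1
    if [ ! -d "$mnt/usr/local/cpanel" ]; then
        echo not-installed
    elif [ -e "$mnt/var/cpanel/hulkd/enabled" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# preflight MNT: prints a one-line verdict and returns non-zero if the
# chroot steps should not be run against MNT.
preflight() {
    mnt=${1:-/mnt}
    if ! looks_like_root "$mnt"; then
        echo "$mnt: not a root filesystem, check the device you mounted"
        return 1
    fi
    echo "$mnt: root filesystem found, cPHulk $(cphulk_state "$mnt")"
}
```

Source the file in the live environment and run preflight /mnt after step 2; run it again after step 4 to confirm the state reads disabled.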
METHOD 2 – in case you are blocked at firewall level
In case you have been locked out by WHM/cPanel and just want to whitelist yourself:
1. Boot any other Linux OS from a live CD. I prefer the FINNIX ISO for such cases.
2. Mount your main disk.
mount /dev/vda1 /mnt
3. Stop the cphulk service (brute force protection)
chroot /mnt /usr/local/cpanel/etc/init/stopcphulkd
chroot /mnt /usr/local/cpanel/bin/cphulk_pam_ctl --disable
4. Whitelist your IP address in cphulk
chroot /mnt /scripts/cphulkdwhitelist XXX.82.6.156
5. Remove yourself from the firewall
chroot /mnt whmapi1 flush_cphulk_login_history_for_ips ip=XXX.82.6.156
6. Reboot and done
—
Remove lockouts
If the cPHulk service locks you out of your cPanel account, the /scripts2/doautofixer?autofix=disable_cphulkd script in WHM can disable cPHulk and allow you to log in.
For example, log in to WHM and navigate to https://www.example.com:2087/scripts2/doautofixer?autofix=disable_cphulkd, where www.example.com represents your server’s hostname.
If you enabled the "Block IP addresses at the firewall level if they trigger brute force protection" or the "Block IP addresses at the firewall level if they trigger a one-day block" options in WHM’s cPHulk Brute Force Protection interface (WHM >> Home >> Security Center >> cPHulk Brute Force Protection), remove the iptables rule that the system created. To do this, run the following command:
iptables -F cphulk && mysql -e "Delete from cphulkd.login_track;"