Linux – Rescue disk how to reset root password and unblock yourself if locked out

CentOS as test server

Current situation – you are locked out and can't use WHM, SSH or anything else to log in.
You may or may not remember the password. In any case, you can follow the steps below to unblock yourself.

1. Boot any other Linux OS CD that can run live. I prefer the FINNIX ISO for such cases.
2. Mount your main disk.

mount /dev/vda1 /mnt

3. Reset the password if needed

chroot /mnt passwd

4. Enter new password for root and confirm
5. Reboot and done.

In case you have been locked out by WHM/cPanel:
1. Boot any other Linux OS CD that can run live. I prefer the FINNIX ISO for such cases.
2. Mount your main disk.

mount /dev/vda1 /mnt

3. Stop the cPHulk service (brute force protection)

chroot /mnt /usr/local/cpanel/etc/init/stopcphulkd
chroot /mnt /usr/local/cpanel/bin/cphulk_pam_ctl --disable

4. Disable the lock for cphulk so that it does not start automatically after restart

chroot /mnt rm /var/cpanel/hulkd/enabled

5. Reboot and done
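
Added example, not part of the original article: a read-only check to run from the live CD after the mount step. It confirms that the mounted directory really holds the server's root filesystem and reports the two pieces of state the steps above change, root's password field in /etc/shadow and the /var/cpanel/hulkd/enabled flag file. The function names are illustrative.

```shell
#!/bin/sh
# Added example: read-only checks on a root filesystem mounted from a live CD.
# Nothing under the target directory is modified. Function names are made up.

# True if DIR looks like the server's root filesystem (not /boot or a data disk).
is_root_fs() {
    [ -f "$1/etc/shadow" ] && { [ -x "$1/usr/bin/passwd" ] || [ -x "$1/bin/passwd" ]; }
}

# State of root's password field in DIR/etc/shadow: set | locked | empty | missing
root_pw_state() {
    [ -r "$1/etc/shadow" ] || { echo missing; return 0; }
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "") print "empty"                # no password at all
            else if ($2 ~ /^[!*]/) print "locked"      # "!" or "*" prefix: login disabled
            else print "set"                           # a password hash is present
            exit
        }
        END { if (!found) print "missing" }' "$1/etc/shadow"
}

# Flag file removed in step 4 above; "absent" means cPHulk stays off after reboot.
cphulk_flag_state() {
    if [ -e "$1/var/cpanel/hulkd/enabled" ]; then echo present; else echo absent; fi
}

# Summary for DIR (default /mnt, the mount point used on this page).
rescue_preflight() {
    root="${1:-/mnt}"
    if ! is_root_fs "$root"; then
        echo "$root: no etc/shadow or passwd binary found; wrong partition mounted?" >&2
        return 1
    fi
    echo "root password field: $(root_pw_state "$root")"
    echo "cPHulk enabled flag: $(cphulk_flag_state "$root")"
}

# Run only when a directory is given, e.g.: sh preflight.sh /mnt
if [ -n "${1:-}" ]; then rescue_preflight "$1"; fi
```

Run it once before the chroot commands and again before rebooting; a flag that is still "absent" after you are back in is the reminder to turn brute force protection back on from WHM.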

METHOD 2 – in case you are blocked at firewall level

In case you have been locked out by WHM/cPanel and just want to whitelist yourself:
1. Boot any other Linux OS CD that can run live. I prefer the FINNIX ISO for such cases.
2. Mount your main disk.

mount /dev/vda1 /mnt

3. Stop the cPHulk service (brute force protection)

chroot /mnt /usr/local/cpanel/etc/init/stopcphulkd
chroot /mnt /usr/local/cpanel/bin/cphulk_pam_ctl --disable

4. Whitelist your IP address in cPHulk

chroot /mnt /scripts/cphulkdwhitelist XXX.82.6.156

5. Remove yourself from the firewall

chroot /mnt whmapi1 flush_cphulk_login_history_for_ips ip=XXX.82.6.156

6. Reboot and done


Remove lockouts
If the cPHulk service locks you out of your cPanel account, the /scripts2/doautofixer?autofix=disable_cphulkd script in WHM can disable cPHulk and allow you to log in.

For example, log in to WHM and navigate to https://www.example.com:2087/scripts2/doautofixer?autofix=disable_cphulkd, where www.example.com represents your server’s hostname.

If you enabled the "Block IP addresses at the firewall level if they trigger brute force protection" or the "Block IP addresses at the firewall level if they trigger a one-day block" options in WHM’s cPHulk Brute Force Protection interface (WHM >> Home >> Security Center >> cPHulk Brute Force Protection), remove the iptables rule that the system created. To do this, run the following command:

iptables -F cphulk && mysql -e "Delete from cphulkd.login_track;"