Archive for the ‘Security’ Category

Account Lock Out

No Comments »

Working on a clients account and suddenly or quite randomly you see:

This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.

OH noes! You got locked out of the WHM from your work workstation while doing work. I know
you all don’t do this at work while you’re supposed to be doing your to do pile. But once you
get home you can remove yourself or use your colleagues PC that they left unlocked.

You will want to remove your IP address or flush the entire cphulk database which will remove all blocked IPs:

WHM -> Security Center -> cPHulk Brute Force Protection -> Click on Flush DB

The down side to this is you need to be able to access the server through the WHM. Your other option you access? Via SSH.

Heres the first one via MySQL:

mysql> use cphulkd;

Expected result: Database changed.

mysql> BACKUP TABLE `brutes` TO ‘/path/to/a/backup/directory’;
mysql> BACKUP TABLE `logins` TO ‘/path/to/a/backup/directory’;

The above command will backup the brutes table and the logins table used by cPHulk to record locked accounts and denied IP addresses just in case we break something.

mysql> DELETE FROM `brutes`;
mysql> DELETE FROM `logins
mysql> quit;

The delete commands will remove all blocked IP addresses and any locked accounts from the server, enabling full access again.

Here is the less dangerous but easier to use way:

/usr/local/cpanel/bin/cphulk_pam_ctl –disable