Web administrators who work with the WHM control panel may occasionally run into an error from Brute Force Protection.
Occasionally, when a user or website administrator attempts to log in to cPanel™ WebHost Manager (WHM), or to log in remotely or locally to the web server's Linux console via Telnet or SSH, the login is denied. The following error message may appear:
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
The brute force protection on a cPanel-powered web host is provided by cPHulk, which stops attackers from getting into the server's services by guessing the login password for a service. When an account on the system has had too many failed login attempts, cPHulk automatically protects that account by forbidding further login attempts. This applies to every account, including the all-important root account. cPHulk Brute Force Protection will also block an IP address that has been detected sending too many unauthorized login attempts.
As a result, server owners can be locked out of their own server when cPHulkd is enabled, even though the wild-guessing brute force attempts come from attackers in another corner of the world.
When WHM locks out a user account, particularly root, the best approach is to wait 10 minutes and see whether the account is unlocked. If the lock persists, a webmaster or administrator who can still log in remotely to the server via SSH as root can manually remove the lockouts with the following steps:
- Type mysql at the console to start the MySQL client.
- At the MySQL client prompt, enter the following commands (shown after the mysql> prompt) one at a time, pressing Enter after each:
mysql> use cphulkd;
Expected result: Database changed.
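mysql> BACKUP TABLE `brutes` TO '/path/to/backup/directory';
mysql> BACKUP TABLE `logins` TO '/path/to/backup/directory';
The above commands back up the brutes and logins tables. brutes is the main table used by cPHulk to record locked accounts and denied IP addresses. The directory path must be given as a quoted string. Note that the BACKUP TABLE statement was removed in MySQL 5.5; on newer servers, take the backup with mysqldump instead.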
mysql> DELETE FROM `brutes`;
mysql> DELETE FROM `logins`;
The above commands remove all blocked IP addresses and locked accounts from the system, restoring full access. If you are familiar with SQL statements, you can add a WHERE clause so that only the specific logins or IP addresses you choose are removed.
mysql> quit;
Exit MySQL client.
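A targeted version of the cleanup, using the WHERE clause mentioned above so that blocks on other addresses stay in place. This is an added example, not part of the original procedure: the column names IP and USER are assumptions about the cphulkd schema (confirm them with DESCRIBE first), and 203.0.113.10 is a constructed placeholder for your own address.

```sql
-- Added example. Assumptions: the brutes and logins tables have an IP column
-- and logins has a USER column. Verify with DESCRIBE before running the rest.
-- 203.0.113.10 is a constructed documentation address; substitute your own.
USE cphulkd;

-- 1. Confirm the real column names on this server.
DESCRIBE brutes;
DESCRIBE logins;

-- 2. Review what is recorded before deleting anything.
SELECT * FROM brutes WHERE IP = '203.0.113.10';
SELECT * FROM logins WHERE IP = '203.0.113.10' OR USER = 'root';

-- 3. Lift the IP block for your own address only.
DELETE FROM brutes WHERE IP = '203.0.113.10';
SELECT ROW_COUNT() AS brutes_rows_removed;

-- 4. Clear the failed-login records that keep the root account locked.
DELETE FROM logins WHERE USER = 'root';
SELECT ROW_COUNT() AS logins_rows_removed;

-- 5. Everything else is untouched: other blocked addresses stay blocked,
--    and their rows remain available for later review.
SELECT COUNT(*) AS remaining_blocks FROM brutes;
SELECT COUNT(*) AS remaining_failures FROM logins;
```

Run these in place of the two unfiltered DELETE statements, after taking the backup.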
If you can't log in to the server at all because of brute force protection, you will probably have to contact your web hosting provider's support and ask them to access the server physically and remove the Brute Force Protection lockout. To avoid future blocks or lockouts, it's recommended to add your own IP address to the Trusted Hosts List (whitelist) in cPHulk Brute Force Protection. To do so, go to WHM -> Security -> Security Center -> cPHulk Brute Force Protection. On the cPHulk configuration page, click the Trusted Hosts List link.
Brute Force Protection is there to give you full control panel security, so there is not much to worry about if you see this problem.