Most of the web administrators who generally deal with WHM control panel may occasionally face a fatal error regarding Brute Force Protection. Many of web admins have faced or may face this error due to some specific reason.
Infrequently, when user or website administrator attempts to login to cPanel™ WebHost Manager (WHM), or remote or local log in via Telnet or SSH to Linux console to the web server, the login is denied and not allowed. The following error message may appear.
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
The brute force protection on cPanel-powered web host is provided by cPHulk, which prevents malicious forces from trying to access the server services by guessing the login password for that service. When an account on the system has experienced too many failed login attempts, the particular account will automatically been protected by forbidding further login attempts, including all-important root account. cPHulk Brute Force Protection will also block out an IP address which has been detected to send too many unauthorized logon attempts.
As a result, server owner are potentially been locked out of the server if the cPHulkd is enabled, even the wild-guessing brute force hacking is done by hackers in another corner of the world.
When WHM locks out a user account, particularly root, the best way is to wait for 10 minutes to see if the account will be unlocked. If the locks persist, webmaster and administrator who still can remote login via SSH to the server as root can manually remove the lockouts via following steps:
- Type mysql at console to access MySQL client.
- At MySQL client prompt, enter the following commands (preceding with mysql>)one after one, pressing Enter each time:
mysql> use cphulkd;
Expected result: Database changed.
mysql> BACKUP TABLE `brutes` TO /path/to/backup/directory;
mysql> BACKUP TABLE `logins` TO /path/to/backup/directory;
Above command will backup the brutes table, the main table used by cPHulk to record locked accounts and denied IP addresses.
mysql> DELETE FROM `brutes`;
mysql> DELETE FROM `logins`;
Above commands will remove all blocked IP addresses and locked accounts from the system, enabling full access again. If you are familiar with SQL statements, it’s possible to use WHERE clause to specify logins or IP address that you want to remove only.
Exit MySQL client.
If you can’t login to the server due to brute force protection, you probably have to contact web hosting service provider support to physically access the server to remove the Brute Force Protection. To avoid future blockage or lock out, it’s recommended to add own IP address as Trusted Hosts List whitelist in cPHulk Brute Force Protection. To do so, go to WHM -> Security -> Security Center -> cPHulk Brute Force Protection. Inside configure cPHulk, click Trusted Hosts List link.
Brute Force Protection is furnished to give you full control panel security. So there is not much to worry about if you see this problem.