Monday 3 June 2013

Remove particular IP from cphulk bruteforce database

When your local ISP IP blocked in cphulk database then you can not remove it from WHM  because cPanel has not offered this feature yet.
You will have to flush and remove those IP's from cphulk database, Also, you can remove other IPs from cphulk database via shell  that is not recommended as far as security is concerned.

Solution ::-
1) Access your server with root privileges and connect database and follow the below steps through shell.

root@servertechs [~]# mysql
mysql> connect cphulkd
mysql> select IP, BRUTETIME from brutes order by BRUTETIME;
mysql> select IP, LOGINTIME FROM logins order by LOGINTIME;


The above commands shown the  brute force login attempt with IPs and time. After that use the below command on shell and remove the IP.
-------------------------
mysql> delete from brutes;
mysql> delete from logins;
-------------------------
Now, You can login your server via WHM/cPanel.

Also, you can disable and enable cPHulk on your server using the following command.

root@servertechs [~]# /usr/local/cpanel/bin/cphulk_pam_ctl --disable 
root@servertechs [~]# /usr/local/cpanel/bin/cphulk_pam_ctl --enable

No comments:

Post a Comment