cPHulk is a brute force protection system developed by the cPanel team and is exclusive to cPanel / WHM control panels. This protects service like WHM, SSH,FTP,IMAP and POP3 by disabling the authentication to those service after a brute force attack is detected. cPHulk mainly blocked the IPs which have perform more than one wrong login attempt with in a tiny time limit. If we need to remove a particular IP from the cPHulk deny list this is possible in two ways, Either from WHM or through database.
Let us see how to remove IP from database.
- First you need to SSH to the server as root.
- # mysql (prompt should change to mysql)
- mysql> use cphulkd; (database changed )
- Make a database table backup. ( mysql>BACKUP TABLE `brutes` TO ‘/path/to/backup/directory’; )
- Find the particular IP from table. (mysql> SELECT * FROM `brutes` WHERE `IP`=’xxx.xxx.xxx.xxx’; )
- Delete a particular IP from the table. (mysql> DELETE FROM `brutes` WHERE `IP`=’xxx.xxx.xxx.xxx’; )
- Quit from MySQL ( mysql>quit )
To flush full database
- mysql> delete from brutes;
- mysql> delete from logins
If you require help, contact SupportPRO Server Admin