How to remove IP from database in case of ‘cPHulk bruteforce attack’?

cPHulk is a brute force protection system developed by the cPanel team and is exclusive to cPanel / WHM control panels. This protects service like WHM, SSH,FTP,IMAP and POP3 by disabling the authentication to those service after a brute force attack is detected. cPHulk mainly blocked the IPs which have perform more than one wrong login attempt with in a tiny time limit. If we need to remove a particular IP from the cPHulk deny list this is possible in two ways, Either from WHM or through database.

Let us see how to remove IP from database.

  • First you need to SSH to the server as root.
  • # mysql (prompt should change to mysql)
  • mysql> use cphulkd; (database changed )
  • Make a database table backup. ( mysql>BACKUP TABLE `brutes` TO ‘/path/to/backup/directory’; )
  • Find the particular IP from table. (mysql> SELECT * FROM `brutes` WHERE `IP`=’xxx.xxx.xxx.xxx’; )
  • Delete a particular IP from the table. (mysql> DELETE FROM `brutes` WHERE `IP`=’xxx.xxx.xxx.xxx’; )
  • Quit from MySQL ( mysql>quit )

To flush full database

  • mysql> delete from brutes;
  • mysql> delete from logins

If you require help, contact SupportPRO Server Admin

Server not running properly? Get A FREE Server Checkup By Expert Server Admins - $125 Value

Leave a Reply