Disable cPHulk Brute Force Protection to restore cPanel VPS access

Follow

If you're unable to log into your WHM interface, cPanel, email or FTP accounts on your VPS and instead get an error message 'The login is invalid', your IP address is likely to have been blocked by the cPHulk brute force protection software.

Work through the following steps to unblock your IP address and restore access to your server.


1. Sign into mPanel and navigate to the dashboard page of the VPS you need to gain access to.

2. At the bottom of the screen (under the console), there is a selection for booting into your distribution kernel, Mammoth kernel, or Finnix Recovery CD. Take note of the kernel currently selected; you'll need to switch back to it later. Select Finnix Recovery CD and click Save.

3. Wait for your server to boot into Finnix, eventually you will see typical bash prompt and you are already logged in as root.

4. Run the following commands (must be typed in, as you cannot paste into the dashboard console):

mount /dev/*vda1 /mnt
chroot /mnt
/usr/local/cpanel/bin/cphulk_pam_ctl --disable
exit
poweroff


5. When your server switches off, use the kernel selection underneath the dashboard to change back to your previously selected kernel(noted earlier).

6. Once your server has booted again, you should be able to access root as normal and also sign into your root WHM account in another browser tab or window to check your access has been restored.


7. Use either of the following methods to enable cPHulk protection again.

7.a) Enter the following text into the rescue console(while logged in as root) to enable cPHulk again

    /usr/local/cpanel/bin/cphulk_pam_ctl --enable

7.b) Browse to the cPHulk Brute Force Protection subsection of WHM and click Enable to protect your server again.

Additional Information

It is a good idea to create a reseller account in WHM with full access to all permissions; and then use that instead of root. As the reseller account username is unlikely to be brute-forced by bots, you can then safely disable root login entirely.

Please refer to the following step-by-step guide on adding a reseller account with full access in WHM here - Using an alternative account to 'root' on WHM VPS

 

Have more questions? Submit a request

Comments

Powered by Zendesk