Symptoms
You can't access your email account in Roundcube, and a yellow pop-up states that the login failed.
Description
This occurs because there have been many failed login attempts and cPHulk has blocked the email account from logging in. Please note that cPHulk's username-based protection locks the user out entirely, regardless of the whitelist, if a brute-force attack is detected. For more information, please read the following article: What is username-based protection in cPHulk?
You can confirm the abnormal login attempts in WHM » Security Center » cPHulk Brute Force Protection » History Reports by searching for your email account, or you can use the following API call:
https://api.docs.cpanel.net/openapi/whm/operation/get_cphulk_failed_logins/
whmapi1 get_cphulk_failed_logins | grep -B9 email@address.tld
Workaround
If you are experiencing a brute-force attack from multiple IPs around the world, you should communicate with your data center or hosting provider, as they have specialized equipment to put in place to help mitigate the attack until it slows down or dies off. If you are experiencing a smaller-scale attack, you can block the attacking IPs on your server with iptables or with any third-party firewall that you might have installed.
Please note that server security and attack mitigation are not services offered by cPanel and, as such, we can only provide limited observational support for those issues. cPanel does not offer a firewall interface and does not support the server's firewall in any way.
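The following is an added example, not cPanel's code: it tallies the failed logins for one account by source IP from the JSON form of the API call above (`whmapi1 get_cphulk_failed_logins --output=json`), then decides whether the sources are few enough to block locally. The `data.failed_logins[].user` and `.ip` field names, the thresholds and the sample records are assumptions made for illustration.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample shaped like `whmapi1 get_cphulk_failed_logins --output=json`.
# Field names (user, ip) are assumed; the addresses are documentation ranges
# (RFC 5737), not real attackers.
ACCOUNT = "email@address.tld"
SAMPLE = json.dumps({"data": {"failed_logins": (
    [{"user": ACCOUNT, "ip": "203.0.113.10"}] * 3
    + [{"user": ACCOUNT, "ip": "198.51.100.7"},
       {"user": ACCOUNT, "ip": "not-an-ip"},
       {"user": "other@address.tld", "ip": "203.0.113.10"}]
)}})

def failed_logins_by_ip(api_json, account):
    """Count failed logins per source IP for one account, skipping bad rows."""
    rows = (json.loads(api_json).get("data") or {}).get("failed_logins") or []
    counts = Counter()
    for row in rows:
        if row.get("user") != account:
            continue
        try:
            counts[str(ipaddress.ip_address(row.get("ip")))] += 1
        except ValueError:
            continue  # never pass an unvalidated string on to a firewall rule
    return counts

def block_candidates(counts, min_hits=3, max_sources=20):
    """Return IPs worth blocking locally, or [] if the attack is too distributed.
    Both thresholds are illustrative assumptions; tune them for your server."""
    if len(counts) > max_sources:
        return []  # many sources: escalate to the data center or hosting provider
    return [ip for ip, hits in counts.most_common() if hits >= min_hits]

def iptables_rules(ips):
    """Render DROP rules for review; nothing is executed here."""
    rules = []
    for ip in ips:
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return rules

if __name__ == "__main__":
    per_ip = failed_logins_by_ip(SAMPLE, ACCOUNT)
    for rule in iptables_rules(block_candidates(per_ip)):
        print(rule)
```

Review the printed rules before applying them, and confirm that none of the listed addresses belongs to the account's legitimate user.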