Symptoms
Can't access your email account in Roundcube and a yellow-colored pop up states that the Login failed:
Cause
This occurs because there have been many failed login attempts and cPHulk has blocked the email account from logging in. Please note that the Username-based protection with cPHulk will lock a user as a whole from logging in regardless of the whitelist if a brute-force attack is detected. For more information, please read the following article:
What is username-based protection in cPHulk?
You can confirm the abnormal login attempts in WHM / Security Center / cPHulk Brute Force Protection / History Reports and searching for your email account.
Resolution
CPANEL_INFO: Server security and attack mitigation are not services offered by cPanel and, as such, we can only provide limited observational support for those issues. cPanel does not offer a firewall interface and does not support the server's firewall in any way.
If you are experiencing a brute-force attack from multiple IPs around the world, you should communicate with your data center or hosting provider, as they have specialized equipment to put in place to help mitigate the attack until it slows down or dies off.
If you are experiencing a smaller-scale attack, you can block the attacking IPs on your server with iptables or with any third-party firewall that you might have installed.
Once the incoming attack has been dealt with, you can clear the cPHulk restrictions by clearing the cPHulk history.
- Access WHM as the
rootuser and navigate to Home / Security Center / cPHulk Brute Force Protection. - Select the History Reports tab.
- Click Remove Blocks and Clear Reports
- Access your server using SSH as the
rootuser -
Run the following API command:
# whmapi1 --output=jsonpretty flush_cphulk_login_history
Comments
0 comments
Article is closed for comments.