Skip to main content

Unusual experience with WHM

Comments

2 comments

  • triantech
    Hey Richard, Yes, for the security of your server, cPanel's cPHulkd ( brute-force detection s/w ) locks out the account to which numerous login attempts have been made. It can be the same with root account too. When multiple login failures occurs, cphulkd locks out the root account, which would mean neither WHM root login nor SSH would work. I would suggest you the following : - Install csf/lfd and configure the firewall to block the offending IPs ( unlike cPHulkd blocking the account ) trying to brute force your server - Change the SSH port to a custom one I have found the above very useful in addition to disabling direct root login.
    0
  • cPanelMichael
    Hello :) If the lockout happens, you may need to obtain console access and disable cPhulk with commands such as:
    for i in `ps aux | grep -i "cphulkd - process" | awk {'print $2'}` ;do kill -9 $i ;done /usr/local/cpanel/bin/cphulk_pam_ctl --disable
    Or, you could add the IP address (or range if it's dynamic) you are connecting from to the cPHulk white list. Note that some users disable cPHulk and utilize a third-party application (e.g. CSF/LFD) to handle brute force attacks. This may be an option for you to consider. Thank you.
    0

Please sign in to leave a comment.