cphulkd spamming TTY

Kevin C

• January 19, 2015 19:27

We appear to be undergoing a significant attack and have been for the last 48 hours. Because cphulkd is active, and because our office IP is not whitelisted (A terrible oversight), we have been locked out of root for 48 hours. We have tried using our KVM to get in but for some reason, cphulkd is spamming the login screen so we aren't able to log in as we're getting hit dozens of times per second and can't log in fast enough. So the two questions are: 1. Any way to stop the console spamming that's happening without having a privileged user? 2. How can we prevent the spamming from happening in the future once we have root back?

• 

  Kevin C

  • January 20, 2015 02:48

  As an update to this post, we just ended up null routing all of the server IPs so that we could log in via KVM to flush the cphulk blocks.

  0
• 

  cPanelMichael

  • January 20, 2015 12:57

  Hello :) I am happy to see you were able to address the issue. Thank you for updating us with the outcome. Note that cPanel 11.48 includes some improvements to cPHulk (e.g. firewall blocking functionality) that you may find helpful. Thank you.

  0

Please sign in to leave a comment.