One of the best practices in server management services is to secure your servers to protect them from hacks or attacks. But sometimes you secure them so well that you may accidentally lock yourself out of the server.
Entering your account password incorrectly multiple times can exceed the login limits set for your server and WHM, and that locks you out of the server.
You may see the following message in your WHM:
Brute Force Protection
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
Why do you get locked out of WHM?
This happens because of a feature called cPHulk Brute Force Protection, which is provided on cPanel/WHM servers. The cPHulk service protects your server against brute force attacks.
In a brute force attack, attackers use an automated system to guess the password to the web server or services. cPHulk offers protection through account-level and IP-based restrictions.
When cPHulk detects too many invalid attempts from an IP or account, it blocks that IP address or account, and you would get locked out of WHM.
cPHulk stores two types of information in its database ‘cphulkd’:
1. The logins table, which stores login authentication failures.
2. The brutes table, which stores excessive authentication failures.
The cPHulk protection rules vary from one server to the other, and depending on the strictness of the rules you have set in your server, the level and duration of the block would vary.
How to remove WHM lock out for your account
While many support technicians simply disable and enable the cPHulk service to flush the entire database and regain access, it is not something we recommend.
Flushing the entire database also un-bans problematic IPs, which lets attackers try to access your server again. Moreover, disabling brute force protection even for a second is not advisable from a server security standpoint.
The immediate fix we do in such cases to restore normal WHM access to valid users is to unblock their IP address. We obtain the website owner’s IP using a tool like whatismyip.com, or by checking the relevant log files.
With our step-by-step procedure, we look up the IP block in the following firewalls and unblock it:
1. Check CSF for the IP block and unblock it if present.
2. Check for the IP under "WHM >> ConfigServer Security & Firewall >> Firewall Deny IPs" and delete it if found.
3. Check whether the IP is blacklisted in "cPHulk Brute Force Protection" and delete it from the list.
Another workaround is to access the cPHulk database from MySQL and delete the entries corresponding to this IP address from the two tables of cPHulk – ‘cphulkd.brutes’ and ‘cphulkd.logins’.
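The per-IP cleanup described above can be scripted so that only the one address is touched and nothing is flushed. This is an added example, not code from the original article: the `IP` column name in the cphulkd tables and password-less root access to MySQL are assumptions to verify on your server, and 203.0.113.7 in the usage note is a constructed documentation address.

```shell
#!/bin/sh
# Added example: targeted unblock of one IPv4 address (no wholesale flush).
# Prints the commands by default; runs them only when --apply is given.

# Accept only a dotted quad with octets 0-255, so the value is safe to place
# inside a SQL string literal and on a command line.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots into $1..$n
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Emit the per-IP commands: find the block in CSF, remove it from the permanent
# and temporary deny lists, show the cPHulk rows (for root-cause review), then
# delete only those rows. Table names are the article's; the IP column name and
# root access to MySQL without a password prompt are assumptions.
unblock_plan() {
  valid_ipv4 "$1" || { printf 'refusing: not an IPv4 address: %s\n' "$1" >&2; return 2; }
  cat <<EOF
csf -g $1
csf -dr $1
csf -tr $1
mysql cphulkd -e "SELECT * FROM brutes WHERE IP='$1'; SELECT * FROM logins WHERE IP='$1';"
mysql cphulkd -e "DELETE FROM brutes WHERE IP='$1'; DELETE FROM logins WHERE IP='$1';"
EOF
}

# Usage: sh unblock_ip.sh IP [--apply]   (does nothing without arguments)
if [ $# -ge 1 ]; then
  plan=$(unblock_plan "$1") || exit 2
  if [ "${2:-}" = "--apply" ]; then
    printf '%s\n' "$plan" | sh -x
  else
    printf '%s\n' "$plan"
  fi
fi
```

Run it as `sh unblock_ip.sh 203.0.113.7` to review the plan first; the strict address check is what keeps a mistyped or hostile argument out of the SQL statement.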
How to prevent further lock-outs for valid accounts from WHM
Once we ensure that the customer is able to access his WHM, we check the root cause of the block, which is important to prevent recurrent lock-outs on the server.
Lock-out from WHM can recur due to 2 main reasons:
- The customer’s web or other application has settings that conflict with the server firewall.
- The server firewall is too strict, with tight security rules that hinder proper server functioning.
Once the reason is identified, we take proper corrective measures to prevent the IP from getting blocked again – either update the settings at the client end or adjust the server security settings.
For valid customers, we obtain their IP addresses and whitelist them in the server firewall to prevent them from being blocked again unnecessarily.
Our 24/7 cPanel expert technicians audit the firewall logs regularly, and if lock-out issues are frequently noted for many users, we go ahead and optimize the firewall settings.
Based on the reason detected for the IP blocks – such as service login failures, mod_security auto-block, port scanning, etc. – we update the firewall configuration settings to avoid blocking legitimate user access.
Improper firewall rules can cause too many customer complaints and can interfere with their normal functions. If you would like to know how to avoid downtime for your customers due to cPanel IP blocks, we would be happy to talk to you.