How to Fix cPHulk Brute Force Protection lock out

This account is currently locked out because a brute force attempt was 
detected. Please wait 10 minutes and try again.

When  attempting to login again it will only increase the delay. If you frequently experience this problem, I recommend read this article.

Today I’m going to demonstrate that how you can fix a cPHulk Brute Force Protection lock out that you might have unintentionally triggered.

There are different ways that we could have done this.

The first way would be to disable cPHulk to restore accessibility,Lots of individuals suggested this technique, but I didn’t like it. I certainly don’t want to turn off a security measure that efficiently secured the server.

I like to use another way to reset cPHulk data to regain access.This method doesn’t require disabling cPHulk.

  • Login to your server via SSH.
  • Ru the following command to see login attempts.
mysql -e "select * from cphulkd.logins;"

Here we can see that we have some login attempts to an email account  user@example.com from IP 93.79.195.84:

+---------------------------+----------------+---------+--------+---------------------+
| USER                      | IP             | SERVICE | STATUS | LOGINTIME           |
+---------------------------+----------------+---------+--------+---------------------+
| user@example.com | 93.79.195.84  | pop3    |      0 | 2014-08-15 13:27:04
| user@example.com | 93.79.195.84  | mail    |      0 | 2014-08-15 13:31:52
| user@example.com | 93.79.195.84  | mail    |      0 | 2014-08-15 13:28:19
| user@example.com | 93.79.195.84  | mail    |      0 | 2014-08-15 13:28:34
| user@example.com | 93.79.195.84  | mail    |      0 | 2014-08-15 13:31:32
| user@example.com | 93.79.195.84  | mail    |      0 | 2014-08-15 13:30:34
| user@example.com | 93.79.195.84  | mail    |      0 | 2014-08-15 13:29:28
| user@example.com | 93.79.195.84  | mail    |      0 | 2014-08-15 13:31:51
+---------------------------+----------------+---------+--------+---------------------+

In the next step we run the following command to find detected brute force attempts:

mysql -e "select * from cphulkd.brutes;"

In this case we can see those email accounts cause a brute force block on a IP

| 93.79.195.84   | 10 failed login attempts to account user@example.com 
(mail) -- Large number of attempts from this IP:

Now if you want to clear out the block to regain access right away, then you can  run the following commands to re-allow access:

mysql -e "delete from cphulkd.logins where IP='93.79.195.84';"
mysql -e "delete from cphulkd.brutes where IP='93.79.195.84';"

Now, we can log back into the box.

Leave a Reply

Your email address will not be published. Required fields are marked *