Saturday, 21 January 2012

cPHulk bruteforce attack + remove IP address from database

How do you remove an IP address that cPHulk brute force protection has blocked from the cPHulk database on a cPanel server?

---------
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
----------
or
----------
You cannot login to the account - Brute Fore protection
----------

Normally you can just whitelist the IP address using the cPHulk option available in WHM. However, the IP address still remains in the database.

How can we remove the IP address from the database?

First, find the IP address of your local machine.

http://www.whatismyip.com

If you can SSH to the server, log in as root and execute the following on the server.

Code:
# mysql
The prompt should change to mysql>.

Code:
mysql> use cphulkd;
You will see "Database changed".

Code:
mysql> BACKUP TABLE `brutes` TO '/path/to/backup/directory';
Back up the table first!

Code:
mysql> SELECT * FROM `brutes` WHERE `IP`='xxx.xxx.xxx.xxx';
Substitute your IP address for xxx.xxx.xxx.xxx. Is your IP there? If so,

Code:
mysql> DELETE FROM `brutes` WHERE `IP`='xxx.xxx.xxx.xxx';
That should remove your IP from the table, and the mysql reply will confirm it. Finally,


Code:
mysql> quit
This should return you to your usual prompt.


Now you can log in to cPanel without any issue.
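The steps above as one script, added here as an example and not part of the original post: it checks that the argument really is an IPv4 address before it is placed inside the quoted SQL string, then prints the statements for the `mysql` client. Assumptions: the script name `unblock.sh`, the function names and the `brutes_backup_<timestamp>` copy table are hypothetical; the copy table stands in for `BACKUP TABLE`, which was removed in MySQL 5.5.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the SQL that removes one
# IP from cPHulk's `brutes` table; nothing is executed until the output is
# piped into the mysql client by root.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
# Anything else (quotes, spaces, SQL fragments) is rejected before it can
# reach the quoted string in the WHERE clause.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the statements for one address, or fail without printing any SQL.
build_unblock_sql() {
    ip=$1
    is_ipv4 "$ip" || { echo "refusing: '$ip' is not an IPv4 address" >&2; return 1; }
    stamp=$(date +%Y%m%d%H%M%S)
    cat <<EOF
USE cphulkd;
-- Backup copy (hypothetical table name); drop it once the login works again.
CREATE TABLE brutes_backup_$stamp LIKE brutes;
INSERT INTO brutes_backup_$stamp SELECT * FROM brutes;
-- Show the matching rows, then remove them.
SELECT * FROM brutes WHERE IP='$ip';
DELETE FROM brutes WHERE IP='$ip';
SELECT ROW_COUNT() AS rows_removed;
EOF
}

# Usage (203.0.113.7 is a constructed sample address):
#   sh unblock.sh 203.0.113.7 | mysql
if [ "$#" -gt 0 ]; then
    build_unblock_sql "$1"
fi
```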


The commands below flush the entire database, i.e. all blocked IP addresses are removed.
mysql> delete from brutes;
Query OK, 0 rows affected (0.00 sec)

mysql> delete from logins;
Query OK, 32 rows affected (0.00 sec)
