Blog Header Banner

Archive for the ‘brute furce’ tag

Locked out of cPanel Again? Locked out of your Web Site?   no comments

Posted at Oct 21, 2014 @ 9:01am Ask the Expert,Web hosting

cpanelAvid readers of the blog know that I’m a slayer of tickets and protector of the Turnkey Internet realm of support tickets. If you have a support need with your software that you’ve purchased from Turnkey Internet, more than likely, I will be one of the team members who works on your issue. I wanted to write you gentleman and ladies, a post on a support request I see at least once a week if not more. I will start this article off by asking one question. Have you ever been locked out of your house? You walk out the house not thinking about the door, but then you realize that you need to go back into the house to grab your keys. However, the door is locked.

 

What will you do? If you’re a super prepared individual, you may have a spare key laying around somewhere, but if you’re like me, this may not be the case. So, what’s next? Maybe you start thinking, “hmmmm, I wonder if I have any windows unlocked?” You walk around the house hoping, praying, that you have a window unlocked. You soon discover, that you’re a very safety conscious individual and all of your windows are locked? Well, what do you do now? You have no spare key. No windows are unlocked. While that rock on the ground could easily go through the window, do you really want to pay money to get the window repaired?

 

This usually leaves you with no other option then contacting your local locksmith. Pay the ridiculous amount to have them drive out and let you back into your house in a matter of minutes. Now, what if that happens on your server? For the sake of this article, we will assume you have a server, VPS/Dedicated/Cloud, that has cPanel installed. You haven’t changed the password, but all of a sudden you can’t login to your cPanel or WHM anymore. What do you do? Well, if you purchased your services from Turnkey Internet, the quickest way would be to open a support ticket and have one our engineers allow you back in, but what if you’re a do it yourself type of person? Is there a back spare key you can use?

 

Now, just to be clear, I’m not talking about not being able to view your site in a browser, but specifically about your cPanel password, that you’ve not changed, no longer working. You may get the first thought that, holy crap, my account has been hacked. Someone has stolen my password and is slowly but surely stealing all of my data. While yes, this could be a possibility especially if you have an insecure password, e.g. CAT123, but what if you have a secure password. A 12 character password. It’s more less likely that your cPanel password has been stolen and more likely that you’re locked on our your account by cPHulk.

 

It’s very possible that you’ve heard of cPhulk before. For those of you who haven’t, the link below will explain exactly what cPHulk is:

 

http://docs.cpanel.net/twiki/bin/view/11_30/WHMDocs/CPHulk

 

cPhulk is a brute force protection software that is installed by cPanel by default. This little piece of software constantly monitors the server to ensure no one is brute forcing their way into your server. For users who do not know what brute forcing is, please see the link below:

 

http://en.wikipedia.org/wiki/Brute-force_attack

 

To summarize that link, brute forcing is when a hacker tries every iteration possible to login to your account. They start with a dictionary of commonly used username and passwords and attempts to login to your account with each one. This is called a brute force attack and is what cPHulk is written to protect against. However, cPHulk can be a bit over zealous at times and end up blocking you out of your own accounts. So, how do you fix?

 

This fix assumes that you have root access to the server and a SSH client such as Putty to access the server.

 

  1. SSH to your server
  2. Type mysql
  3. Connect cphulkd;
  4. Delete from brutes;
  5. Delete from logins;

 

That will clear all IP’s currently blocked on the server and allow you to login to cPanel/WHM. At which point, you can go to Security Center -> cPHulk Brute Force Protection  and white list your own IP to keep this from occurring in the future. You’ve essentially just become your own cPanel locksmith. If you’re still having issues, you can always open a support ticket with us directly at: https://helpdesk.turnkeyinternet.net/

 

Until next time…

Follow Us : Facebooktwitterlinkedinyoutubeinstagram
Share : Facebooktwitterredditlinkedinmail

Written by Jeremy on October 21st, 2014

Tagged with , , , , , ,