Introduction

cPHulk is a security feature in cPanel/WHM that protects the server against brute force attacks by temporarily blocking IP addresses after multiple failed login attempts.

Sometimes legitimate users may get blocked and encounter errors such as:

This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay.

or

You cannot login to the account – Brute Force Protection

Normally, administrators can whitelist the IP address through WHM → Security Center → cPHulk Brute Force Protection. However, in some cases, the IP address may still remain stored in the cPHulk database and continue causing login issues.

This guide explains how to manually remove the blocked IP address from the cPHulk database using MySQL.

Prerequisites

Before proceeding, ensure the following requirements are met:

  • Root SSH access to the server
  • cPanel/WHM installed on the server
  • MySQL/MariaDB service running
  • The public IP address of the blocked client machine

You can identify your public IP address using:

https://www.whatismyip.com

Steps to Remove the IP Address from cPHulk Database

1. Login to the Server via SSH

Connect to the server as the root user.

ssh root@your-server-ip

2. Access MySQL

Run the following command:

mysql

The prompt should change to:

mysql>

3. Select the cPHulk Database

Execute:

USE cphulkd;

You should see:

Database changed

4. Backup the brutes Table (Recommended)

Before making changes, create a backup of the table:

BACKUP TABLE brutes TO '/path/to/backup/directory';

Replace the backup path with a valid directory on the server.

5. Check if the IP Exists in the Database

Run the following query and replace xxx.xxx.xxx.xxx with your public IP address:

SELECT * FROM brutes WHERE IP='xxx.xxx.xxx.xxx';

If the IP appears in the output, proceed to the next step.

6. Remove the Blocked IP Address

Execute:

DELETE FROM brutes WHERE IP='xxx.xxx.xxx.xxx';

This removes the blocked IP entry from the cPHulk database.

7. Exit MySQL

Run:

QUIT;

You will return to the normal shell prompt.

Flush All Blocked IP Addresses (Optional)

If required, you can clear all blocked IP addresses and login records from cPHulk.

Remove all blocked IPs:

DELETE FROM brutes;

Remove all login records:

DELETE FROM logins;

Example output:

Query OK, 32 rows affected

Conclusion

Manually removing an IP address from the cPHulk database is useful when legitimate users remain blocked even after whitelisting their IP in WHM. By accessing the cphulkd database and deleting the relevant entries, administrators can quickly restore access without waiting for the automatic lockout period to expire.

It is recommended to use this method carefully and always create a backup before modifying database records.

Post Views: 170

Leave a Reply