Help with cPHulk Brute Force Protection!

Brute force is an attack that involves using an automated system to guess the password to your web server or services. cPHulk provides protection against brute force attacks.

Some useful commands for working with cPHulk Brute Force Protection from the back end:

First, connect to the cphulkd database via mysql:

# mysql -u root -p

> use cphulkd

You can view the list of blocked IPs in the brutes table:

> select * from brutes;

To select only the IP and BRUTETIME columns, ordered by BRUTETIME, use this:

> select IP, BRUTETIME from brutes order by BRUTETIME;

To delete the entire list of IPs in brutes:

> DELETE FROM brutes;

If your brutes list is too large and you need to find out whether a particular IP is in it, you can use this:

> SELECT * FROM `brutes` WHERE `IP`='x.x.x.x';

To delete that particular IP:

> DELETE FROM `brutes` WHERE `IP`='x.x.x.x';
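
The lookup and single-IP delete above, wrapped in a small shell script that validates the address before it is placed into the SQL statement. This is an added example, not part of the original post; the function names are hypothetical and it handles IPv4 addresses only.

```shell
#!/bin/sh
# Added example: show and remove one IP from cPHulk's brutes table.
# Function names are hypothetical; the queries are the ones shown above.

# Accept only a dotted-quad IPv4 address (four octets, each 0-255).
# Runs in a subshell so the IFS change does not leak to the caller.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    IFS=.
    set -- $1                                  # split on dots into $1..$n
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# Print the SELECT + DELETE pair for one IP, or fail if the IP is invalid.
# Only a validated address is ever interpolated into the SQL text.
build_sql() {
    is_ipv4 "$1" || return 1
    printf "SELECT IP, BRUTETIME FROM brutes WHERE IP='%s'; DELETE FROM brutes WHERE IP='%s';" "$1" "$1"
}

# Show the matching row, then delete it, in a single mysql session
# (one password prompt). Returns 2 if the argument is not an IPv4 address.
unblock_ip() {
    sql=$(build_sql "$1") || {
        echo "refusing: '$1' is not an IPv4 address" >&2
        return 2
    }
    mysql -u root -p cphulkd -e "$sql"
}

# Run only when an argument is given, e.g.: sh cphulk_unblock.sh 203.0.113.7
if [ "$#" -gt 0 ]; then
    unblock_ip "$1"
fi
```

Because the address is checked before the query is built, input such as a pasted log fragment or a string containing quotes is rejected instead of being run against the database as root.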

To whitelist a particular IP:

# /scripts/cphulkdwhitelist IP

To disable/enable cPHulk:

# /usr/local/cpanel/bin/cphulk_pam_ctl --enable (enable the service)
# /usr/local/cpanel/bin/cphulk_pam_ctl --disable (disable the service)

You can also check the cPHulk logs at:

/usr/local/cpanel/logs/cphulkd.log