cPHulk is a brute force protection system. cPHulk blocks the IP addresses that have more than one invalid login attempt within a fixed time interval. We are here trying to explain how the cPHulk whitelist IP can be done.
cPHulk stores all of its information in a database called cphulkd. There are two tables of interest: logins and brutes. The logins table stores login authentication failures. The brutes table stores excessive authentication failures indicative of a brute force attack.
There are three possible ways to remove the IP from cPHulk Brute Force Protection.
Using WHM
One way is to remove the IP block or whitelist IP through WHM.
Login to the WHM, go to Security Center » cPHulk Brute Force Protection
Here you can click the Flush DB option to flush the blocked IPs from the database as shown below
Using Database
The second way is by removing a particular IP blocked by cPHulk from its database manually.
SSH to the server as root user
Login to MySQL shell and change to cPhulkd database as shown below
mysql > use cphulkd;
Now you can delete that IP from the cPhulk table as shown below
mysql > DELETE from `brutes` where `IP`='xx.xx.xx.xx'; Query OK, 1 row affected (0.00 sec) mysql > DELETE from `logins` where `IP`='xx.xx.xx.xx'; Query OK, 1 row affected (0.00 sec)
In the same way you can delete the IPs from the ‘logins’ table.
You can completely truncate (clear off) the entries in the brutes table with the command
mysql > TRUNCATE TABLE brutes; mysql > TRUNCATE TABLE logins;
Using cPanel Scripts
The cPHulk whitelist IP can be done using the following script
# /scripts/cphulkdwhitelist <ip_address>;
