How to remove an IP from cPHulkD

We had a customer who forgot their root password, and within a few tries at different variations, WHM had locked them out. Here’s what we had to do to clear out the IP’s:

Lets “use” the cphulkd database, and see what tables we have

root@w4 [~]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2279778
Server version: 5.0.90-community MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use cphulkd;

Database changed
mysql> show tables;
+-------------------+
| Tables_in_cphulkd |
+-------------------+
| auths             |
| brutes            |
| good_logins       |
| logins            |
| whitelist         |
+-------------------+
5 rows in set (0.00 sec)

So we have auths, brutes, and logins.
The table we are looking for is brutes. This is the table where the blacklisted IPs reside.

mysql> select * from brutes;
+--------------+-------------------------------------------------------------------------+---------------------+---------------------+
| IP | NOTES | BRUTETIME | EXPTIME |
+--------------+-------------------------------------------------------------------------+---------------------+---------------------+
| 24.90.253.66 | 5 login failures attempts to account [email protected] (ftp) | 2008-01-07 14:54:02 | 2008-01-07 14:59:02 |
+--------------+-------------------------------------------------------------------------+---------------------+---------------------+
1 row in set (0.00 sec)

mysql>

So we simply remove the entry.

mysql> delete from brutes where IP='24.90.253.66';
Query OK, 1 row affected (0.00 sec)

mysql> 

There you have it! This is most likely the quickest way to remove IP’s that have been locked out.

One Response to “How to remove an IP from cPHulkD”
Nick Posted on June 26, 2010 at 3:36 pm

Great article , just curious what prompted you to write this :) ?

Post a Comment