Learn cPanel

We had a customer who forgot their root password, and within a few tries at different variations, WHM had locked them out. Here’s what we had to do to clear out the IP’s:

Lets “use” the cphulkd database, and see what tables we have

root@w4 [~]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2279778
Server version: 5.0.90-community MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use cphulkd;

Database changed
mysql> show tables;
+-------------------+
| Tables_in_cphulkd |
+-------------------+
| auths             |
| brutes            |
| good_logins       |
| logins            |
| whitelist         |
+-------------------+
5 rows in set (0.00 sec)

So we have auths, brutes, and logins.
The table we are looking for is brutes. This is the table where the blacklisted IPs reside.

mysql> select * from brutes;
+--------------+-------------------------------------------------------------------------+---------------------+---------------------+
| IP | NOTES | BRUTETIME | EXPTIME |
+--------------+-------------------------------------------------------------------------+---------------------+---------------------+
| 24.90.253.66 | 5 login failures attempts to account [email protected] (ftp) | 2008-01-07 14:54:02 | 2008-01-07 14:59:02 |
+--------------+-------------------------------------------------------------------------+---------------------+---------------------+
1 row in set (0.00 sec)

mysql>

So we simply remove the entry.

mysql> delete from brutes where IP='24.90.253.66';
Query OK, 1 row affected (0.00 sec)

mysql> 

There you have it! This is most likely the quickest way to remove IP’s that have been locked out.