Cannot login to WHM (cPanel), SSH with the root login: cPHulk

Note: This article specifically applies to WHM/cPanel installations.

If you are finding that you are unable to login to the WHM control panel, or SSH - where you are sure the password has not been changed, it is possible that your server is experiencing a brute-force attack against the SSH / WHM root login; as such you would be locked out of the VM until this attack is stopped.

The lock-out is due to a component called cPHulk, which is provided via WHM (cPanel), and it would be blocking access by design.

See the following in relation to cPHulk:

• cPHulk Brute Force Protection

If the steps provided do not release the lock out you will need to follow the steps below:

1. Create an 'Allow' rule, for your IP only to allow full access to the VM - move this rule to the top of the list.
2. Create an 'Deny' rule, to block access to ports 22, 2087 from public access - move this rule underneath the rule you created (as above).
3. Wait for roughly 10-15 minutes (possibly longer) for the lock-out to be removed, where you should then be able to login via SSH/WHM.

Note: The firewall rules would typically be created via your Cloud1 control panel - for the VM in question.

Note: If you are still unable to login, after following the steps above, you may need to restart the VM itself.

Once you gain access to WHM, you should add your IP address to the cPHulk whitelist to prevent the lock-out affecting your connectivity going forward - this is though assuming that your IP address does not change; once you apply the whitelist you can then remove the rules you created above.

Note: You can retrieve the IP address you are using by visiting https://www.whatismyip.com (or similar website).

If your IP address does change and/or you login from multiple locations, the whitelisting above may not be applicable. If this is the case, you would need to leave the blocking rules in place, as per the steps above, as otherwise the lock-out may continue to happen, where you would also need to amend the 'Allow' rule (Item 1) as required to suit your current IP address at the time.

See the following articles for more information in relation to the Cloud1 firewall, and related information:

• How do I modify my firewall on my Cloud VM?
• What is my root\administrator password?
• Where can I log in to my Cloud VM?

If you continue to experience issue with this, please contact our support team via help@blacknight.com for assistance - refer to the following also:

• What is Enhanced Support?