Use cPHulk for Brute Force Protection.
cPHulk is a security feature found only on cPanel based Linux servers. It locks down the cPanel and WHM logins, SSH (shell/root access) logins, FTP logins, and IMAP/POP3 (mail) logins. These core services are locked down after too many fails from a single IP address. Use cPHulk for Brute Force Protection.
Refer to the following steps to whitelist the ip from the cphuld blacklist database.
Login in the shell as a root user and run the commands.
Disable cPHulk.
Command to disable cPHulk:
# /usr/local/cpanel/bin/cphulk_pam_ctl –disable : to disable cPHulk
# /usr/local/cpanel/etc/init/stopcphulkd
Use “Flush DB” option from WHM.
WHM >> Security Center >> cPHulk Brute Force Protection
Click on “Flush DB” .
Enable cPHulk.
WHM >> Security Center >> cPHulk Brute Force Protection >> Click on Enable.
or
Command to enable cPHulk:
#/usr/local/cpanel/etc/init/startcphulkd
#/usr/local/cpanel/bin/cphulk_pam_ctl –enable
Removing blocked IP addresses manually from cPHulk’s database. It is always better to take the backup of the database, before working on it.
#mysql
mysql> use cphulkd;
mysql> SELECT * FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
mysql> DELETE FROM brutes WHERE `IP`=’xxx.xxx.xxx.xxx’;
mysql> quit