Locked Out Of cPanel VPS

If you are locked out of your cPanel VPS and cannot load your website, cPanel and/or WHM login, chances are you have been blocked by the inbuilt firewall protection. Please follow the steps starting at point 1 (it's unlikely you are blocked by the 2nd section - cPHulk, so focus on point 1 first).

1. You are blocked by ConfigServer Security & Firewall.

This is a plugin product that is installed by default on cPanel servers we provision. This is the most likely cause of losing access to your cPanel server. You can do a quick test to ensure that your server is online and it's only you who is blocked by testing it at http://downforeveryoneorjustme.com/ 

If the server is indeed online, and it's only you who are blocked, then most likely you are blocked by the firewall.

Getting access again

If you are blocked by ConfigServer Security & Firewall, the quickest thing to do is reset your ADSL modem and get a new IP address. This will allow you access again.

Alternatively you'll need to access WHM using another internet connection (for example through 3G or 4G on your phone), go to WHM -> Plugins -> ConfigServer Security & Firewall and choose 'Flush Blocks'. This will remove all current blocks and allow you regular access again.

Whitelisting your IP

You can now login to WHM -> Plugins -> ConfigServer Security & Firewall. Find the 'Quick Allow' button, and hit a little cog icon next to it. This will auto fill the field with your IP address, then click 'Quick Allow'. This will whitelist your current IP address.

Find out why you were blocked

ConfigServer Security & Firewall will block you if you are NOT on the whitelist, and if you try to login using incorrect credentials to any service on the server (this includes mail, cPanel, WHM, SSH, website authentication and FTP).

If you were blocked and want to see exactly why you need to:

• Go to WHM -> ConfigServer Security & Firewall
• Click on 'Search System Logs'
• Type your IP address and click the 'Search'  button.
• This will show you any entries with regards to that IP and a reason it was blocked.

2. You are blocked by the cPHulk (cPanel brute force protection).

The easiest way to fix this is reset your ADSL modem and get a new IP address. You can then access WHM and find 'cPHulk Brute Force Protection'. You can whitelist your IP address in there. You can also flush all blocks in there.

Alternatively (if you cannot change your IP address or access WHM via another internet connection to flush any blocks), to fix this, you will need to restart your VPS (this can be done through the 'My Account' -> 'Manage VPS' on our website).

Set a constant ping to your VPS IP address while it's restarting by opening a command prompt and typing:

ping x.x.x.x -t

As soon as it starts to ping, you need to login through SSH (we recommend Putty)

Once you are in, type the following:

• Type mysql at console to access MySQL client.
• At MySQL client prompt, enter the following commands (preceding with mysql>)one after one, pressing Enter each time:

  mysql> use cphulkd;

  Expected result: Database changed.

  mysql> DELETE FROM `brutes`;
  mysql> DELETE FROM `logins`;

  Above commands will remove all blocked IP addresses and locked accounts from the system, enabling full access again. If you’re familiar with SQL statements, it’s possible to use WHERE clause to specify logins or IP address that you want to remove only.

  mysql> quit;

  Exit MySQL client; (do not close your SSH connection)

Try connecting now through WHM. If it still fails type:

rm -f /var/cpanel/hulkd/enabled

/etc/rc.d/init.d/cpanel restart

That will disable cpHulk which is the cause of the lockout, and restart cPanel. Now try logging into WHM again and you should be fine.

To avoid future blockage or lock out, it’s recommended to add your own IP address to the whitelist in cPHulk Brute Force Protection. To do so, go to WHM -> Security -> Security Center -> cPHulk Brute Force Protection.