Home > CPanel / WHM, MySql > IP remove from Brute Force Attack database by SSH

IP remove from Brute Force Attack database by SSH

December 15th, 2012 Leave a comment Go to comments

Sometimes, because of the Brute Force Attack we are unable to login to WHM if we are using correct details also. Then at that time try using below method.

 

Login to server via SSH.

Connect with mysql database using mysql command. It will show below output.

[email protected] [/var/log]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 172123
Server version: 5.1.65-cll MySQL Community Server (GPL)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>

Then type show databases commands in mysql it will show all databases.

 

mysql> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| cphulkd |
| eximstats |
| horde |
| leechprotect |
| logaholicDB_test |
| modsec |
| mysql |
| roundcube |
+——————–+
9 rows in set (0.00 sec)

Then go to cphulkd database using below command.

mysql> use cphulkd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

Now, it’s time to show tables.

mysql> show tables;
+——————-+
| Tables_in_cphulkd |
+——————-+
| auths |
| blacklist |
| brutes |
| good_logins |
| logins |
| report |
| whitelist |
+——————-+
7 rows in set (0.00 sec)

You can take backup of tables using below command

mysql>BACKUP TABLE `brutes` TO ‘/path/to/backup/directory’;

Run below command to check your IP is blocked in CPHulk Brute Froce database. Replace xxx.xxx.xxx.xxx with your IP

mysql> SELECT * FROM `brutes` WHERE `IP`=’xxx.xxx.xxx.xxx’;

Run below command to remove IP from database

mysql> DELETE FROM `brutes` WHERE `IP`=’xxx.xxx.xxx.xxx’;

Also, check IP in login table also by running the below command

mysql> SELECT * FROM ‘logins’ WHERE ‘IP’ =’xxx.xxx.xxx.xxx’;

Remove the IP from login table using below command.

mysql> DELETE FROM ‘logins’ WHERE ‘IP’ =’xxx.xxx.xxx.xxx’;

OR

You can use below method to clear brutes and login tables. Please note it will remove all the IP’s from database.

Now empty some tables by giving the below commands.

mysql> DELETE FROM brutes;
Query OK, 60 rows affected (0.00 sec)

mysql> DELETE FROM logins;
Query OK, 34 rows affected (0.00 sec)

 

 

9 rows in set (0.00 sec)

 

Categories: CPanel / WHM, MySql Tags:
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.