cPHulk is good, but not good on its own. Like many others too, so combine them if you can. But lets look at cPHulk, does it do its job? yes it does. Before I enabled cpHulk I had about 900 attempt each day on one of my servers. Over a week thats now dropped by half due to IP banning alone.

You cans set a whitelist with your IP (if static) so only that IP can login. I have 3 Ip’s on mine that are static which depends on were I am.

Conclusion. dont rely on one form of preotection, but cpHulk is one of the line of protections to use.

2.
Depending on the number of failed attempts, you could be locked out for a few minutes or for a two week period. To gain back access to your server, you can simply configure your web browser to use a proxy server. This way the incoming connection will be made from another IP address than the one blocked by cPHulk.

Once you’re logged in, go into your cPHulk panel and click on the Flush DB button. That’s it! You gained back accessed. Now be careful next time!

3.
When WHM locks out an user account, especially “root”, the best way is to wait for 10 minutes to see if the account will be unlocked. If the locks persists, webmaster and administrator who still can remote login via SSH to the server as root can manually remove the lockouts via following steps:

1. Type mysql at console to access MySQL client.
2. At MySQL client prompt, enter the following commands (preceding with mysql>)one after one, pressing Enter each time:

mysql> use cphulkd;

Expected result: Database changed.

mysql> BACKUP TABLE `brutes` TO ‘/path/to/backup/directory’;
mysql> BACKUP TABLE `logins` TO ‘/path/to/backup/directory’;

Above command will backup the brutes table, the main table used by cPHulk to record locked accounts and denied IP addresses.

mysql> DELETE FROM `brutes`;
mysql> DELETE FROM `logins`;

Above commands will remove all blocked IP addresses and locked accounts from the system, enabling full access again. If you’re familiar with SQL statements, it’s possible to use WHERE clause to specify logins or IP address that you want to remove only.

mysql> quit;

Exit MySQL client.

4.
See what IP is.
Unplug DSL modem to force it to change IP Address. Turn off computer. Wait 5 minutes.
Plug modem back in, and restart PC.
IP should have changed.
If so log in and flush it.

5. If IP hasn’t changed:
Use a proxy with a different IP address and then log in.

I don’t feel like locking myself out of my server to do some testing right now but out of curiosity, does cpHulk clears its database when it starts? Could it be cause by a service that’s crashing / restarting and then flushing the cphulk database?

I might have changed a setting somewhere????