Knowledge Essentials - 3Essentials Hosting

cPanel account locked with message: Brute Force Protection This account is currently locked out bec

Article ID: 1682

 Back to Search

Symptom: When attempting to log into my cPanel account, I get the following message:


Brute Force Protection

This account is currently locked out because a brute force attempt was detected. Please wait a few minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.

 

Resolution: This is due to security protection mechanisms 3Essentials has in place on these servers to prevent brute force password cracking attempts.  Brute force password cracking describes activity where a hacker will use an automated tool to attempt to log into your account using thousands of possible password combination.  While that sounds a long shot, people today still make bad password choices, and still an effective (and common) hacking tool as a result.  

 

The Brute Force Protection mechanism locks and account or an IP from being logged into for a period of time if multiple failed login attempts are detected, in order to protect against this type of password cracking activity.
 
If you're received this message when you logged in, please wait AT LEAST 15 minutes before retrying.  If you attempt to login again DURING that 15 minutes, the clock is reset. 
 
Please note the mechanism is triggered NOT ONLY for cpanel attempts, but also webmail and mail connections.  So if you are in an office environment, behind a NAT, and a user has an incorrect email password, it can trigger this (and cause you to be continuously blocked.  I.e., if you have multiple people connecting from one location, behind a NAT, they all show up as one IP... so one person wtih the wrong password can trigger a block against the IP, thus blocking everyone at that location.

If you're still receiving this message after this. please contact our support department and include the following information in your request:

  • your cpanel user acccount
  • your IP address as reported at: http://3essentials.com/ip.asp
  • description of the problem (that you're getting the brute force protection mechanism even after waiting MORE than 15 minutes to login again).

Also related: 

 
Downloads Associated With This Article
jmailformmail.zip : JMail_FormMailExample