WHM includes a facility called cPHulk, designed to prevent bruteforce login attacks against your server. If a large number of failed logins occur against a particular account (e.g. "root") from any IP address, then all access to root becomes blocked for a period of time - potentially even via the local console.

If this has happened to you, here is how to workaround the problem:

  1. Log into mPanel Dashboard
  2. At the bottom of the screen (under the console), there is a selection for booting into your distribution or Finnix Recovery CD.  Select Finnix and click Save.
  3. Wait for your cloud server to boot into Finnix, eventually you will see typical bash prompt and you are already logged in as root.
  4. Run the following commands (must be typed in, as you cannot paste into the dashboard console):
    mount /dev/vda1 /mnt
    chroot /mnt
    /usr/local/cpanel/bin/cphulk_pam_ctl --disable


  5. When your server switches off, use the control at bottom of dashboard to change back to your distribution.
  6. Once your server has booted again, you should be able to access root as normal.

Additional steps

It is a good idea to create a reseller account in WHM with full access to all permissions; and then use that instead of root.  Because the username will not be brute-forced by bots, you can then safely disable root login entirely.