cPanel has a daemon that checks for unsuccessful logins (like lastb on a shell), it is called hulk.
When a user’s user (a customer’s client who bought access to the server) has an error regarding bruteforcing and denying access it’s because someone was bruteforcing his way in using that user’s username.
To make sure of this, log into the server via ssh then:
2.Connect to hulk’s DB
3.Check the times and tries that are logged
select IP, BRUTETIME from brutes order by BRUTETIME; select IP, LOGINTIME from logins order by LOGINTIME;
Both will show the bruteforcing dates and ips that tried to access the server.
The solution is to change the user’s username to something different, try to avoid disabling the bruteforcing protection.