Ron: > > >From what I see, DenyHosts only blocks based on failed > > SSH attempts > > That is incorrect. Denyhosts has a config option named > "BLOCK_SERVICE" > which can be set to "ALL". I think you misunderstood my point. It looks like BLOCK_SERVICE tells what to block once the offender has been identified. What I am talking about is the process of identifying the offender in the first place. It looks like only a failed SSH login attempt will cause someone to be blocked. If they try to attack another service (pop3s for example), DenyHosts will not block them. Does this make sense? Or, am I wrong about it? Thanks, Neil -- Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com Will your e-commerce site go offline if you have a DB server failure, fiber cut, flood, fire, or other disaster? If so, ask me about our geographically redudant database system.