On 08/18/11 4:05 PM, Rudi Ahlers wrote: > The point it, it doesn't matter who the user is. As soon as an IP, any > IP exceeds the limit, it should get blocked. you might take a look at the various fail2ban scripts that are commonly used to block an IP for some period of time after a threshold number of SSH or appache login attempts are made, and you can probably figure out how to implement that same sort of concept to run off whatever per-source-IP traffic statistics you're keeping... of course, if your web and mail and whatever servers are accessed by 100s or 1000s of unique hosts a day, those traffic statistics are going to be quite a lot of overhead to track. -- john r pierce N 37, W 122 santa cruz ca mid-left coast