DA already counts the number of login attempts from a certain IP. This feature will simply block that IP if the number of attempts exceeds a certain threshold. (number is settable, default 100 and feature off). When the IP is added to the file (/usr/local/directadmin/data/admin/ip_blacklist, root ownership) the counter is also reset to 0, so if you remove the IP from the blaclist file, that IP will be able to make X number of attempts again. directadmin.conf ip_blacklist=/usr/local/directadmin/data/admin/ip_blacklist bruteforce=1 (or 0 for off, default) brutecount=100 exempt_local_block=0 (or 1 to prevent 127.0.0.1 from being blacklisted) SKINS: admin/admin_settings.html <tr> <td class=list> Blacklist IPs for excessive login attempts </td> <td class=list> <input type=checkbox name=bruteforce value="yes" |BRUTEFORCECHECKED|> after <input type=text name=brutecount value="|BRUTECOUNT|" size=4> login attempts </td> </tr> <tr> <td class=list> Prevent 127.0.0.1 from being Blacklisted </td> <td class=list> <input type=checkbox name=exempt_local_block value="yes" |LOCALEXEMPTCHECKED|> </td> </tr>