[Maria-developers] audit plugin help with MDEV-575 (fail2ban like)
Hi guys,

I want to get the users / IPs that try to connect to the server with a bad password/user and retry very frequently (normally a brute-force attack).

Some things I need:

1) Get information about the connection when it fails or not (maybe an audit plugin could do this?). Information that I need:
1.1) protocol (tcp/unix/others)
1.2) user
1.3) remote IP (when TCP only)
It must be executed on every login.

2) Log this information. Maybe we could use CSV, Aria, MyISAM to log bad logins and put them in a log table: PROTOCOL, USER, REMOTE IP, DATETIME

3) Add columns to user: BAD_LOGIN_MAX_TRIES, BAD_LOGIN_LOG_TIME, BAD_LOGIN_MIN_RETRY_TIME

4) Add server globals bad_login_tcp_log_time, bad_login_tcp_max_errors

5) Implement checks before connection: when a connection to the server is opened via TCP, execute something like:

SELECT COUNT(*) FROM bad_login_log WHERE remote_ip="remote_ip" AND datetime>NOW() - @@bad_login_tcp_log_time

if COUNT(*) > @@bad_login_tcp_max_errors, disconnect

6) Implement user checks:

SELECT COUNT(*),(SELECT BAD_LOGIN_MAX_TRIES FROM users WHERE user="user") FROM bad_login_log WHERE user="user" AND datetime>NOW() - (SELECT BAD_LOGIN_LOG_TIME FROM users WHERE user="user")

if count(*) > bad_login_max_tries for that user, disconnect

That's all.

--
Roberto Spadim
SPAEmpresarial
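The log table and the two pre-connection checks from steps 2, 5 and 6, as an added example that is not part of the original post and is not MariaDB code. It assumes SQLite in place of a server table, integer epoch seconds for the datetime column, parameterized queries instead of quoted placeholders, and constructed threshold values and sample rows.

```python
import sqlite3

# Assumed values for the server globals proposed in step 4.
BAD_LOGIN_TCP_LOG_TIME = 600     # look-back window, seconds
BAD_LOGIN_TCP_MAX_ERRORS = 5

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE bad_login_log (protocol TEXT, user TEXT,
                                    remote_ip TEXT, datetime INTEGER);
        -- Both checks run on every connection, so index their predicates.
        CREATE INDEX bad_login_ip   ON bad_login_log (remote_ip, datetime);
        CREATE INDEX bad_login_user ON bad_login_log (user, datetime);
        CREATE TABLE users (user TEXT PRIMARY KEY,
                            bad_login_max_tries INTEGER,
                            bad_login_log_time INTEGER);
    """)
    return db

def log_bad_login(db, protocol, user, remote_ip, now):
    # Step 2: remote_ip is only meaningful for TCP, store NULL otherwise.
    ip = remote_ip if protocol == "tcp" else None
    db.execute("INSERT INTO bad_login_log VALUES (?, ?, ?, ?)",
               (protocol, user, ip, now))

def ip_blocked(db, remote_ip, now):
    # Step 5: failures from this address inside the global window.
    (n,) = db.execute(
        "SELECT COUNT(*) FROM bad_login_log WHERE remote_ip = ? AND datetime > ?",
        (remote_ip, now - BAD_LOGIN_TCP_LOG_TIME)).fetchone()
    return n > BAD_LOGIN_TCP_MAX_ERRORS

def user_blocked(db, user, now):
    # Step 6: failures for this account inside its own per-user window.
    row = db.execute("SELECT bad_login_max_tries, bad_login_log_time "
                     "FROM users WHERE user = ?", (user,)).fetchone()
    if row is None:
        return False   # unknown account has no limits; only the IP check applies
    max_tries, log_time = row
    (n,) = db.execute(
        "SELECT COUNT(*) FROM bad_login_log WHERE user = ? AND datetime > ?",
        (user, now - log_time)).fetchone()
    return n > max_tries

def seed_demo():
    # Constructed sample: account 'app' allows 3 failures per 300 s, and one
    # address fails six times, 10 s apart, starting at t=1000.
    db = open_db()
    db.execute("INSERT INTO users VALUES ('app', 3, 300)")
    for i in range(6):
        log_bad_login(db, "tcp", "app", "203.0.113.7", 1000 + 10 * i)
    return db
```

The per-user check counts failures from any source, so it also disconnects the legitimate owner of the account until the window passes.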