Hi, I made a anti-password hurler for server based authentication, requires php4 / mysql / apache. http://offshoreclicks.com/nocracker.zip
beta quality...free.

Looks good! You may want to timestamp each IP that you log. It is possible that someone fails login 20 times a day (some people are really stupid), so perhaps you should look for short periods between lots of attempts.

Also, if someone is trying passwords, they will be using proxies, and the same IP won't turn up.

Thanks for the feedback! Yeah, thought about timestamping the IPs, just felt it was overdoing it a bit... I mean, 20 legit failures..? You have to be very stupid to do that! :-)
Thought about proxies too, but I figured as a good hurler tries thousands of combos/per hour and there are only so many "open" proxies, they will likely be caught pretty fast anyways. (maybe a good reason *not* to timestamp the IP, say the attacker cycles through 50 proxies at least they will be shut down after 1000 attempts)

Cheers