On Thursday 15 January 2009 19:10:44 Dotan Cohen wrote: > I get a few thousands of these every day in the logs: > Illegal users from: > 70.85.222.106 (sales.gbdweb.com): 518 times > anna/password: 1 time > apache/password: 1 time > arthur/password: 1 time > attack/password: 1 time > awharton/password: 1 time > > How can I start logging the passwords attempted as well as the > usernames? Thanks. You can try fail2ban to first cick the attaquer out.