>> What type of logon? SSH, telnet, ...? > > sorry, what comes from typing email when your still asleep. > most seem to be hitting my sshd, tho the username/password > combo leads me to believe that the person is using a database > to try to overload the server. > > killed some pids that where owned by sshd and they kept > cropping up faster than i could kill them. You may want to use SSH public/private-key auth, not password auth. It's not really hard to implement and you wouldn'd be bothered by user/pass-guessing as any attempt to logon that way will just be denied. Gr, Rob