I have created my own API for my software to talk to Amember. As it stands you can try to login in as many times as you wish. I don't want someone to try to do a brute for attack on my server.. I would like to setup my API so that after 3 unsuccessful times in 1 hour it would block that account by ignoring requests. What existing tables would I need to use.. I like to addapt Amember's existing database tables if I can. If not then I can write my own but I did not want to reinvent the wheel on this one. I guess my questions.... Where are unsuccessful or last logins stored? Is it a table some where or is it just a cookie set? Thanks in advance.