Just wondering if it was a good idea to have Protector automatically add IP's listed as being the origin of the most attacks into the banned IP's list?
If you have a look at
http://www.dshield.org/top10.php they have a list of the IP ranges that are being reported as trying to attack other people. This list is updated several times a day, and is based on submissions from millions of routers worldwide (they had close to 1 billion records submitted last month). The even have some example scipts for automatically updating your block lists;
http://www.dshield.org/block_list_info.php