Hi folks,

I am trying to spot compromised (or just 'shared') accounts by looking at where logins are coming from. I am doing this by using the free city database from www.maxmind.com. If this works out we will probably pay for the full product.

Anyway, my question for the list is "Just how reliable are these services for IPs within NZ?"

Here is a sample from yesterday (with user names removed) -- each line represents source IPs for logins for an individual user:

219.89.198.13 (NZL - Auckland) 121.72.9.137 (NZL - Hamilton)
121.90.27.131 (NZL - Wellington) 121.90.122.37 (NZL - Auckland) 121.90.74.159 (NZL - Auckland)
122.57.145.200 (NZL - Auckland) 202.49.164.5 (NZL - Tauranga)
115.189.161.73 (NZL - Hamilton) 115.189.179.137 (NZL - Waiuku) 115.189.145.152 (NZL - Thames)
121.90.0.218 (NZL - Auckland) 121.90.111.192 (NZL - Dunedin)
79.149.142.140 (ESP - Madrid) 121.98.170.93 (NZL - Auckland) 95.124.89.94 (ESP - Madrid) 95.124.67.187 (ESP - Madrid)
121.72.217.194 (NZL - Manukau City) 121.72.180.138 (NZL - Auckland) 210.246.2.132 (NZL - Auckland)
129.132.128.136 (CHE - Zürich) 130.132.123.28 (USA - New Haven)
203.82.92.164 (MYS - Johor Bahru) 203.82.80.55 (MYS - Kuala Lumpur) 203.82.80.49 (MYS - Kuala Lumpur)
118.93.234.249 (NZL - Auckland) 118.92.201.194 (NZL - Whangarei)
118.90.64.249 (NZL - Hamilton) 118.90.103.244 (NZL - Auckland) 118.90.108.245 (NZL - Auckland)
222.154.97.215 (NZL - Whangarei) 121.98.180.58 (NZL - Auckland)
121.72.9.243 (NZL - Hamilton) 121.72.24.158 (NZL - Auckland)
202.27.76.119 (NZL - Auckland) 222.154.97.134 (NZL - Whangarei)
139.80.123.38 (NZL - Dunedin) 132.239.1.230 (USA - La Jolla) 139.80.123.34 (NZL - Dunedin) 118.17.75.101 (JPN - Osaka)

Some of these are clearly suspicious -- Auckland and Madrid? Dunedin, US, JP? But what about the ones within NZ? Yes, some of these locations may well be correct and the usage legit (people do travel) but the number seems high.

Russell
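
An added example, not part of the original post: one way to triage per-user login locations like the sample above, separating cross-country mismatches from city-level differences inside one country. The user labels are constructed placeholders, and the verdict names and the /16 grouping (treating different cities inside one prefix as a likely single ISP address pool) are assumptions of this sketch; the country and city fields are copied from the post rather than looked up.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the sample in the post; user labels are constructed
# placeholders because the post removed the real user names.
LOGINS = [
    ("user02", "121.90.27.131", "NZL", "Wellington"),
    ("user02", "121.90.122.37", "NZL", "Auckland"),
    ("user02", "121.90.74.159", "NZL", "Auckland"),
    ("user04", "115.189.161.73", "NZL", "Hamilton"),
    ("user04", "115.189.179.137", "NZL", "Waiuku"),
    ("user04", "115.189.145.152", "NZL", "Thames"),
    ("user06", "79.149.142.140", "ESP", "Madrid"),
    ("user06", "121.98.170.93", "NZL", "Auckland"),
    ("user06", "95.124.89.94", "ESP", "Madrid"),
    ("user06", "95.124.67.187", "ESP", "Madrid"),
    ("user12", "222.154.97.215", "NZL", "Whangarei"),
    ("user12", "121.98.180.58", "NZL", "Auckland"),
]

def prefix16(ip):
    """Return the enclosing /16 network of an IPv4 address as a string."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def triage(logins):
    """Classify each user by how strong the location mismatch is."""
    by_user = defaultdict(list)
    for user, ip, country, city in logins:
        by_user[user].append((ip, country, city))
    verdicts = {}
    for user, rows in by_user.items():
        countries = {c for _, c, _ in rows}
        cities = {(c, city) for _, c, city in rows}
        prefixes = {prefix16(ip) for ip, _, _ in rows}
        if len(countries) > 1:
            verdicts[user] = "multi-country"       # strongest signal
        elif len(cities) > 1 and len(prefixes) == 1:
            verdicts[user] = "same-prefix-cities"  # assumed: one ISP pool
        elif len(cities) > 1:
            verdicts[user] = "multi-city"          # needs a closer look
        else:
            verdicts[user] = "consistent"
    return verdicts

if __name__ == "__main__":
    for user, verdict in sorted(triage(LOGINS).items()):
        print(user, verdict)
```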