I don't think this is a bug, it appears to be by design. The documentation for the BadPassLimit directive states (and I quote): "If a user enters count invalid passwords for any Services function or combination of functions during a single IRC session (subject to BadPassTimeout, below), Services will issue a /KILL for the user.". --K