The timestamp on a session file determines if a current session is active or not. Only certain areas in DA, when browsed to, will update this time. Connections to the plugins previously was not one of these areas. This meant than if you sit idle on a page for a long time, and that page makes many calls to DA (ajax/json), then the session file timestamp is not being updated. If left long enough (default: 60 minutes), the session would expire and the ajax requests are then considered unauthorized and the brute force count kicks in, eventually blocking that IP. Simple fix is to touch the timestamp on all plugin calls.