Proxy is based on two parts.

1. They have a central server that handles the ip attacks. Thus reducing your server load.

2. Yes, they do install it and it requires a reboot. Basically if the central server is down or you cant communicate it relies on your apache modules to take over the requests. (which is basically what strong box does - relies on your apache modules working with the software that is installed on your server.)

It is more expensive. But it does reduce server load. Allows you to have logins anyway you want.

Topbucks, SicCash and most of the big guys use it.

Concerning passwords - when using strongbox I had many more "what is my password" even when they created their own....

No, the ProxyPass is not a hosted script. The software is distributed as a custom Apache module written in C that is compiled into your Apache binary. As such, all detection and denial functionality is handled on the installed client server. Although the details of its architecture are proprietary trade secrets--and protected as such--, it works by monitoring all authentication request details (i.e. network endpoints, packet header information, HTTP headers, username, transferred volumes, etc.) for compliance with detection thresholds set by the Apache administrator. In addition, the ProxyPass client module queries centralized ProxyPass servers for access to the largest, most up-to-date list of open, abusable proxies. ProxyPass client servers do not search for proxies nor are they doing intensive analysis of network traffic patterns; that work is done on the centralized ProxyPass servers.

For those you get many attacks (asian sites being one) it is worth it.

When I had my asian site I had a PW on at least two boards every day and it spread from there. MOST of the boards were in Chinese.