My production sites are all still using Drupal 6 as the necessary modules to use Drupal 7 are not yet ready. In any case, these sites have been coming under increasing hacker attack. Here is what is occurring in a nutshell:
- A script hits the site and creates one or more accounts
- These attempts fail for one or more of these reasons:
a) An omission within the registration form
b) A failure to validate the e-mail address
c) A Mollom challenge failure (rare)
d) Several immediate attempts to login
- Drupal notices these actions are all coming from the same IP
- Login Security, as per settings established, rates this as an ongoing attack and bans the IP

http://drupal.org/project/login_security

No problems with anything thus far, other than the annoyance factor. My issue is in long-term management of IP bans. To help reduce server load, I prefer to put long-term IP bans into the deny section of the .htaccess file.

However, the majority of these recent automated bans trace back to (suspected) compromised corporate servers. The Access Rules section of Drupal does not show WHEN an IP ban was put into effect. Assuming the hacker is spoofing their IP, establishing a long-term IP ban is not going to be effective. After a given interval, the ban inside Drupal should be lifted but not knowing when it was created makes management difficult. Has this issue been (or will it be) addressed in Drupal 7?

Thanks for your time!