[support] China attacking our web site.

[Roger]

Last night we had about a thousand attempts on our site.
All are from Chinese addresses blocked by Drupal and a Rule redirects 
off site and sends me an advisory email.
With out the email I would have no idea how many attempts.

Drupal recognises the blocked ip addresses and I have a Rule that reacts 
to those blocked IPs but I do not understand what happens from there.
- How does Rules react to blocked IPs if they don't get into the Drupal 
system?
- I'm supposing that the blocked IPs do get into the system but cannot 
view pages, but in the instant they try the Rules Redirect takes place 
and the email sent.

Can a hacker/cracker use code that detects a redirect which in turn 
redirects straight back to the site under attack?
It seems that we get 5 attempts at the same time then a break of 60 
seconds then it starts again.

Unfortunately Rules does not have facility to include the ip of each 
attempt and I don't particularly want yet another module to handle this.

One of our admins installed the Unlock module, without my knowledge. It 
this dangerous in the above case, can it override the Drupal block or Rules?

Help in understanding is greatly appreciated
thank you
roger