Last night we had about a thousand attempts on our site. All are from Chinese addresses blocked by Drupal and a Rule redirects off site and sends me an advisory email. With out the email I would have no idea how many attempts.

Drupal recognises the blocked ip addresses and I have a Rule that reacts to those blocked IPs but I do not understand what happens from there. - How does Rules react to blocked IPs if they don't get into the Drupal system? - I'm supposing that the blocked IPs do get into the system but cannot view pages, but in the instant they try the Rules Redirect takes place and the email sent.

Can a hacker/cracker use code that detects a redirect which in turn redirects straight back to the site under attack? It seems that we get 5 attempts at the same time then a break of 60 seconds then it starts again.

Unfortunately Rules does not have facility to include the ip of each attempt and I don't particularly want yet another module to handle this.

One of our admins installed the Unlock module, without my knowledge. It this dangerous in the above case, can it override the Drupal block or Rules?

Help in understanding is greatly appreciated thank you roger