I'm not a programmer, so I am not 100% sure what your solution looks like.
Ideally, I would like to have the option of setting the "ban-time-duration" and the command I'd like executed, but on the other hand I just realized, that might not work if the site is on a server where everything is properly secured. I mean executing a firewall command that will ad the IP to the iptables firewall will probably not be feasible.
What are your thoughts on this?
I brought the idea up as I thought it would take a lot of load off a server to have "bad guys" blocked straight away by iptables instead of going through apache just to serve a "bugger off" message...