Of course a good system admin would locate offenders if they were on top of things. I merely wanted to point out that it isn't fail-safe by itself. I know you know that, for others.

It's definitely a cat and mouse game. Of course, the same applies not only to web services, but, email and other services. That's why the firewall is a better choice than simply adding to .htaccess