I believe you should move the code from index.tcl to user-login.tcl. An automated hackbot can skip index.tcl and hack away at user-login.tcl.
Also there isn't any danger in index.tcl being retrieved thousands of times, the danger is in login attempts via user-login.tcl.
I would put this code into the failed login portion(s) of user-login.tcl. That way successful logins do not affect your counter, minimizing your chances for accidently blocking users that share an IP.
