in reply to Re: •Re: Password hacker killer
in thread Password hacker killer

For several reasons, this is not a good solution to the problem:

First off, you penalize any valid users that want to log in for the first time.

Secondly, any attacker can just start up a bunch of requests at the same time (let's say 10 requests) and still get way more attempts per second. Try to stop that and you'll create a situation where your security system will probably become more convoluted and difficult to test (thus probably still not working correctly).

Anyways I'd go for matsmats++ solution, or go for full client SSL certificates if you can afford the trouble and money.

-- #!/usr/bin/perl -w use strict;$;= ";Jtunsitr pa;ngo;t1h\$e;r. )p.e(r;ls ;h;a;c.k^e;rs ";$_=$;;do{$..=chop}while(chop);$_=$;;eval$.;