Thanks for the replay.
I solved the issue by using a database for the blacklist and inserting IP address, counter and tag value.
The tag and counter are used for aging out the entry.
This is done by this script:

#!/usr/bin/perl
use DBI();

my $dbh = DBI->connect("DBI:mysql:database=xxxx;host=localhost",
                     "xxx", "xxxxx",
                     {'RaiseError' => 1});
my $i = 144;

while ($i > -1) {
    print "$i\n";
    $newCounter = $i - 12;
    $rows = $dbh->do("update blacklist set counter='$newCounter', tag=
+'1' where counter = '$i' and tag = '0'");
    $i = $i - 12;
}

$rows = $dbh->do("update blacklist set tag='0' where tag like '%%'");
$rows = $dbh->do("delete  from blacklist where counter <= '0'");

$dbh->disconnect();
exit(0);
[download]

The script runs every 5 minutes which gives each entry one hour to live (unless updated with a new counter)
Still if any one have a better way I will be glad to know…..