hack.log entries are now created for >= 10 consecutive failed login attempts

from the same host (but not necessarily the same connection).
No login retry is allowed for suspected hackers (one authentication attempt per
connection).
New-connections from suspected hack hosts are now delayed increasingly with
the number of failed login attempts.