Had an interesting thought today. If someone tries to brute force your login screen then why not after so many failed logins redirect them to a page that looks legitimate. This would cause the tool they are using to report that they cracked the password and logged in. The attacker would then have physically verify the login only to see some garbage page and start all over again. This would probably make a script kiddie attack some other site as they would probably not have the programming knowledge to alter the brute forcing engine.
I would have it so that after 10-20 failed logins to redirect to the fake page so that legitimate users have a very low change of being redirected to it.
Just an interesting thought / theory.