You can also use a php redirect to bump them back up into the parent directory:
/* Redirect browser */
/* Make sure that code below does not get executed when we redirect. */
Save that as index.php in the folder in question.
This may also keep out most robots, but you should still make a point of excluding those directories via robots.txt
I admit, though, that I like the “your IP address has been logged” idea. (Fwiw, the safe in the office where I work has a sign over it saying, “Danger, High Voltage”. I like these approaches.)