IP based denial is always going to have downsides. In this age of NATs and proxies, tracking a user via IP is only a 'pretty good' method, but not optimal.
I do IP-based denial on local machines, but I wouldn't share those... not because I want to keep the information to myself, but I'd rather not 'poison' other peoples' legitimate customers because some schmuck that was already easily detected and denied access happened to be using the same proxy/whatever.
