dstiles - 8:49 pm on Feb 16, 2011 (gmt 0)
As SevenCubed said, spamhaus is not a good idea. Mostly it's dynamic broadband IPs - the very traffic you want (in the UK - BT and NTL, in the US RoadRunner and Charter etc).
Possibly use the spamhaus DBL and Drop list - these are domains used for hosting exploits - but it's a time-delay probably not worth including, especially as most of the exploited domains run from a relatively small range of IPs which can easily be blocked anyway. Also, in my experience, exploited servers do not seem to cross over between mail and botnet.
I block countries according to the requirements of various web sites. Here in the UK I have several sites that do not need traffic from Asia, South America and the Russia/Ukraine/Romania block. On the other hand, I also have clients who want traffic from such regions so blocking by country for me has to be selective.
My own blocklist is run through MySQL and, as referred to above, I add a few new ranges every day - now generally small ranges. I would have preferred to use htaccess as that prevents bad bots actually seeing the page at all, but on my Windows 2003 server I'm stuck with blocking content, with a few really bad exceptions that go into the IIS blocklist.
Total MySQL database size is currently about 20,000 records (collecting for about 12 months using MySQL), but about half of those are single dynamically blocked IPs which are overdue for removal. Typical introduced delay for the first page is 15-30 milliseconds; if sessions are enabled on the browser then it is faster for subsequent hits.
If you have time/experience it may pay to see if MySQL can feed htaccess - I do not have significant experience of htaccess so I don't know if it's possible, but I would have thought it possible to use a dynamic htaccess based on the IP and UA.
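One way to do what the last paragraph speculates about, feeding an htaccess deny list from a blocklist table, as an added example that is not the poster's code: it drops single dynamically blocked IPs older than an assumed 30-day TTL (the "overdue for removal" problem above) and renders Apache 2.2 `Deny from` directives. The table schema, column names and sample rows are constructed, and sqlite3 stands in for MySQL so the script runs offline.

```python
import ipaddress
import sqlite3
from datetime import date, timedelta

DYNAMIC_TTL_DAYS = 30  # assumption: single dynamic IPs expire after this

def load_blocklist(conn, today):
    """Return (network, reason) pairs still in force on `today`.

    Ranges are kept; single dynamically blocked IPs are dropped once older
    than DYNAMIC_TTL_DAYS so stale broadband addresses do not pile up.
    """
    cutoff = (today - timedelta(days=DYNAMIC_TTL_DAYS)).isoformat()
    rows = conn.execute(
        "SELECT cidr, reason FROM blocklist WHERE dynamic = 0 OR added >= ?",
        (cutoff,))
    return [(ipaddress.ip_network(c, strict=False), r) for c, r in rows]

def render_htaccess(entries):
    """Emit Apache 2.2 Order/Deny directives. Apache does not allow a
    comment after a directive on the same line, so the reason goes above."""
    lines = ["Order Allow,Deny", "Allow from all"]
    for net, reason in entries:
        target = str(net.network_address) if net.num_addresses == 1 else str(net)
        lines += [f"# {reason}", f"Deny from {target}"]
    return "\n".join(lines) + "\n"

def is_blocked(ip, entries):
    """CIDR-aware lookup of a single address against the loaded entries."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net, _ in entries)

def demo(today_iso="2011-02-16"):
    """Build an in-memory table from constructed sample rows and render it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blocklist "
                 "(cidr TEXT, added TEXT, dynamic INTEGER, reason TEXT)")
    conn.executemany("INSERT INTO blocklist VALUES (?, ?, ?, ?)", [
        ("203.0.113.0/24", "2010-06-01", 0, "exploit hosting range"),
        ("198.51.100.7", "2011-02-15", 1, "dynamic IP, scraper"),
        ("198.51.100.200", "2010-11-01", 1, "dynamic IP, stale"),
    ])
    entries = load_blocklist(conn, date.fromisoformat(today_iso))
    return entries, render_htaccess(entries)

if __name__ == "__main__":
    print(demo()[1])
```

Run from cron and write the output to the site's .htaccess so the web server rejects the ranges before any page code runs; the per-request MySQL lookup then only has to cover whatever was added since the last regeneration.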