dstiles - 8:28 pm on Dec 6, 2012 (gmt 0)
I have my system arranged such that it checks not only the actual IP but any proxy IPs as well. If a proxy IP is in a blocked range (server farm, high-abuse-rate IP etc) then the actual IP is blocked as well: it usually means the idiot using the real IP has a virus that's turned it into a bot-net or some such.
An example of this occurred during the past few days - several different IPs came in with a variety of UAs etc but ALL with a single proxy IP that placed the requester at a UK server farm in the range 88.208.193.nnn. This is not the first time this server range has attacked via proxies: it happened several months ago as well.