If you are finding that your htaccess file is getting huge then have a look through all of the addresses that you are presently blocking. I found that I had about 45 originally then when you look at the blocks they are coming from there was actually only 8 address blocks that covered over 30 of those individual rules. Now I just add address blocks when I want to block anything, unless the culprit has a static IP address, then I only block them.

However as with blocking anyone the negatives are that you get no custom from that ip address block. There is no way to block then but also allow them into your site to spend money. So the decision to block comes down to - do they cost you more money than they make you? If yes block them, if no let them in and put up with it...or just block then cos they are annoying >:)

Best to understand what is being attempted by these countries / proxies and work on a solution from there.

Problems I have include:

Message Board Spamming - solution:Upgraded to latest version (phpbb3) and implemented other anti bot features

Members Area logfile spamming - solution: introduced shorter username and password settings and 403 anything outside those ranges.

Links Page Spamming - solution:100% of all attempts here are pushing fre e*we b_to wn (obfuscated) pages so I just totally block any referrals from that site

Mail Server Spamming - solution:enabled 4 x RBL lookups, removed catch all addresses.

Login Attempts - solution:installed denyhosts/

Ex pl_oit Apache Attempts - solution:Installed mod security.

Mod security is very useful and has saved me hours of admin. I'd recommend using this rather than basic .htaccess blocking but one feature I would like is this:

Everytime mod security issues a 403/500 add it to a database and block via iptables. Length of block deteremined by severity of exploit.

Haven't got round to doing this at the moment but will do when latest version installed.

In summary - don't think that blocking countries will keep the bad guys out. They will use proxies from other countries, and your more local ISPs. Far better to block what it is they are trying to do.

the .htaccess file gets too big

It depends entirely how the file is structred, as to server load and requests that could be server load heavy.
Scripts as well may prove server load heavy.

Also dependendent upon the bells and whistles your pages may utilize.

My own file is close to 90k with 1800+ lines, however the lines have been kept "KISS".

My sites are basically an extranet with access outside of North America very restricted, however not complete.
Some ranges are simply added as they appear (i. e., an ongoing process).

block the IP addresses of entire countries

Some others have provided worthwhile explantions.

A beginnig might be in denial of refers based on country codes and restricting some access in that manner.

IP ranges that were previously reserved and/or not being utilized are being made available globally, which results in less focus on a specific Class A range. Making global organization by Class A more difficult than it was five years ago.

Two tools, and there are others to be found as well.

A tool named eXpress IP Locator may prove beneficial.

This site, although active is provided via archive to assure link longevity.
[web.archive.org...]