by Retric 2426 days ago
Rate limiting prevents a specific IP from causing a successful DoS. You can log higher-level information like country without linking it to a specific user.

In terms of hacking, building a secure site prevents this problem at the source. Banning specific IPs in a world of proxies and public WiFi is almost useless.


You don't ban them forever. Banning specific ranges which impact you right now is very effective too. Also "building a secure site" at some scale is impossible. At some point you try to figure out where the risk is, how to mitigate it, and what happens after a break-in. You can't prevent it. Logging helps track specific behaviour and catch those situations. That's similar to fraud prevention as well. The fact that someone who just logged in from Germany tries to spend credit in a request from Brazil is important and prevents real crime. That kind of information needs to be connected to an account.
I specifically said you can get and log country information without logging specific IPs.

Working at the /24 level does everything else you mentioned.
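
Added example, not part of any comment in the thread: a sliding-window rate limiter that keys on the /24 prefix and logs only that prefix plus a country code, so no full client address is stored. The class and function names are hypothetical, the /64 bucket for IPv6 is an assumption, and the country code is supplied by the caller (the lookup itself is out of scope here).

```python
import ipaddress
import time
from collections import defaultdict, deque
from typing import Optional

V4_PREFIX = 24   # the /24 granularity mentioned in the thread
V6_PREFIX = 64   # assumption: /64 as the IPv6 analogue (not from the thread)


def bucket_key(addr: str) -> str:
    """Reduce a client address to its network prefix; the host bits are dropped."""
    ip = ipaddress.ip_address(addr)
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class PrefixRateLimiter:
    """Sliding-window limiter that stores only prefixes, never full addresses."""

    def __init__(self, limit: int, window_s: float):
        self.limit = limit
        self.window_s = window_s
        self.hits = defaultdict(deque)   # prefix -> timestamps of allowed requests

    def allow(self, addr: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        q = self.hits[bucket_key(addr)]
        while q and now - q[0] >= self.window_s:
            q.popleft()                  # expire hits that left the window
        if len(q) >= self.limit:
            return False                 # the whole prefix is over its budget
        q.append(now)
        return True

    def log_record(self, addr: str, country: str, allowed: bool) -> dict:
        """Log entry holding the prefix and a caller-supplied country code only."""
        return {"net": bucket_key(addr), "country": country, "allowed": allowed}


if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    limiter = PrefixRateLimiter(limit=2, window_s=10)
    for t, ip in enumerate(["203.0.113.5", "203.0.113.200", "203.0.113.9", "198.51.100.1"]):
        print(limiter.log_record(ip, "DE", limiter.allow(ip, now=float(t))))
```

Because the budget is shared per prefix, unrelated clients behind the same /24 (a NAT or public WiFi, for instance) are throttled together, which is the trade-off the thread is arguing about.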