by hedora 1084 days ago
IP blocking blocks most of the people on our local ISP. They are small, and use CGNAT, so one owned Windows machine across town breaks sites like yours for everyone, and the root cause is extremely difficult to debug for end users.

As much as I deeply, deeply dislike captchas, IP blocking is far worse.

1 comments

IP blocks also just don't work on IPv6. Unless you're prepared to block entirely by ASN, an adversary can cheaply just buy up a lot of address space and churn through them. It gets even messier when dealing with real ISP networks because some hand out /40s for residential customers whereas others give just a /56.
I'm sure you can buy a table that says what size subnet to block for various IPv6 ranges.
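
How such a per-range table could drive block or rate-limit keys, as an added example that is not part of the thread: addresses are grouped by the delegation size listed for their covering range, so churning through one delegation still counts as one client. The table contents, the `/64` fallback and the function names are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed table: covering range -> per-customer delegation size to key on.
# Real values differ per ISP; these sit inside the 2001:db8::/32 documentation range.
DELEGATION_SIZES = {
    ipaddress.ip_network("2001:db8:1000::/36"): 48,
    ipaddress.ip_network("2001:db8:2000::/36"): 56,
}
DEFAULT_V6_PREFIX = 64  # assumption: unknown ranges are keyed per single LAN


def block_key(addr: str) -> str:
    """Return the network that a hit from addr should be counted against."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is an IPv4 client
    if ip.version == 4:
        # One address; behind CGNAT this key is shared by many subscribers.
        return f"{ip}/32"
    # The most specific covering range in the table decides the prefix length.
    matches = [(net, size) for net, size in DELEGATION_SIZES.items() if ip in net]
    if matches:
        prefix = max(matches, key=lambda m: m[0].prefixlen)[1]
    else:
        prefix = DEFAULT_V6_PREFIX
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def offenders(hits, threshold):
    """Keys whose hit count reaches threshold, however many addresses were used."""
    counts = Counter(block_key(a) for a in hits)
    return {key for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    # Constructed hits: one customer rotating addresses inside a /56, plus a neighbour.
    sample = [
        "2001:db8:2000:ab01::1",
        "2001:db8:2000:ab02::2",
        "2001:db8:2000:abff::3",
        "2001:db8:2000:ac00::1",
    ]
    print(offenders(sample, threshold=3))
```
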