I started commenting but I deleted everything half way because I hadn't thought about public WiFi access points. I remember we used to do temporary IP bans on the English Wikipedia if there was too much abuse but it was only for editing. 4chan bans are also for posting afaik. I don't know of a blanket refusal to connect ban for a web server.

Would it be ok to ban an entire IP just because someone from that IP has a compromised machine? I remember this argument that if there is obviously malicious traffic coming from an IP address, the right solution is to block traffic at the next stop, usually the ISP supplying Internet access to that connection. Failing that, the back end should disconnect the ISP and failing that, the other peers should disconnect from the malicious peer. But I don't know how practical it is...