Do you do IP ranges when you ban or just single IP's?
I only resort to IP bans in the case of "obvious spam is obvious" -- see the glut of PM spammers. (i've got to set a three posts before you can send more than one PM limit, but it's been a while since I've done that with SMF so I need to re-train)
But when I do I research the address range. SMF has some nice built-in features for dealing with doing whois lookups on arin/ripe/apnic/afrinic/etc directly from the forum / user account pages, and gives you a nice big cross-reference of all users who've come from the same IP's.
If the whois tells me it's some form of data center, from one of the many international "hives of scum and villiany" like Nigiria or the Ukraine, I band the whole region. Otherwise I set a singe IP ban.
Research is an important part of doing bans. You don't blindly drop an entire IP address region if it's for a normal ISP... but if a RDNS sample of the range returns actual websites, you kick them to the curb since there's little reason for legitimate traffic to be coming from a server farm.
On the back-end I also have fail2ban running. Getting hammered for ftp and ssh brute force requests is far more of an issue and having fail2ban kicking those folks in the groin limiting them to three failures before a time in the penalty box makes most attackers just give up and go elsewhere.