Sure, but sometimes, that feature is very useful, when an old post with personal data, from a user that does not want to login again, can send an admin report to delete personal data.
So most sensible way for me would be to restrict geographically or entire IP classes.
If I ban, the respective IP, seems that it is ignored by admin reporting.