Not to long ago some of my forms on evaria.com were abused (or at least somebody tried) to submit SPAM. In order to stop this I set up a simple rule in a few of my .htaccess files across the site.
In order for the “filter” to be effective you need to know from what IP(‘s) you’re being targeted. This should be available in your server log or, if you are like me, in the admin notification mail received whenever someone is submitting one of your forms.
Below is an example from one of my .htaccess files, edit the IP’s to fit your needs:
order allow,deny deny from 85.255.113 allow from all ErrorDocument 403 http://www.example.com/403.html
You can add as many IP’s you want. From the example above I’m blocking all IP’s ranging from 18.104.22.168 to 22.214.171.124. These are all part of the “inhoster.com” network operating from the Ukraine. I might be blocking someone nice, but if so I’ve set up an info page (ErrorDocument 403) informing those (if any) about why and their options.
If you just want to give visitors coming from external websites a warning/info see my post about how to filter incoming links, but have in mind that this method can not be trusted in the same way as an IP block and should not be implemented if you depend on having the external client/site blocked.