Blocking unwanted visitors

Not to long ago some of my forms on were abused (or at least somebody tried) to submit SPAM. In order to stop this I set up a simple rule in a few of my .htaccess files across the site.

In order for the “filter” to be effective you need to know from what IP(‘s) you’re being targeted. This should be available in your server log or, if you are like me, in the admin notification mail received whenever someone is submitting one of your forms.

Below is an example from one of my .htaccess files, edit the IP’s to fit your needs:

order allow,deny
deny from 85.255.113
allow from all

ErrorDocument 403

You can add as many IP’s you want. From the example above I’m blocking all IP’s ranging from to These are all part of the “” network operating from the Ukraine. I might be blocking someone nice, but if so I’ve set up an info page (ErrorDocument 403) informing those (if any) about why and their options.

If you just want to give visitors coming from external websites a warning/info see my post about how to filter incoming links, but have in mind that this method can not be trusted in the same way as an IP block and should not be implemented if you depend on having the external client/site blocked.

About Author