I’ve had trouble with some clients abusing sites in the past. There are many ways to address this type of problem such as Captcha, and other rate control mechanisms. When all else has failed, I’ll typically enforce an IP tables rule that will simply block an address range of IP addresses at the network interface on my server. Often simply blocking a single IP address will not prevent the abuse for long, and I usually have to resort to blocking an entire range. Subnet calculations are not terribly difficult but here is a link to a tool that will help you compute the subnet mask for a range of IP addresses quickly and easily that i like to use.