how to deny access to a spammer

         

asamm

8:38 am on Aug 20, 2007 (gmt 0)

10+ Year Member



Hi, we get a lot of spam email from one of our forms. I used JavaScript validation and it did not work. I had a look at our access log, and the page is being used a lot by this:

"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
?-?-?-?.cable.?.?.example.co.uk - - [18/Aug/2007:21:19:08 +0100] "GET)

I have replaced the numbers and characters with "?". In ?-?-?-?.cable.?.?.example.co.uk, the first part is an IP address. If I try to look at it with online tools they don't recognize it as an IP address.

How can I deny access to this via the .htaccess file?

thanks

jdMorgan

1:54 pm on Aug 20, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It's not an IP address, it's a hostname. You should be able to look up the associated IP address using most of the online tools you mention. Or just ping that hostname, and get the IP address from the resulting report. However, it is quite common for the IP address to be embedded in this kind of hostname string, sometimes with the octet order reversed, and sometimes not. So you may already have the IP address in somewhat mixed-up form.

Do you already have any working mod_rewrite rules in an .htaccess file on this server?

If so, then something like


RewriteCond %{REMOTE_HOST} ^1-2-3-4\.cable\.5\.6\.example\.co\.uk$
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/5\.0\ \(Windows;\ U;\ Windows\ NT\ 5\.1;\ en-GB;\ rv:1\.8\.1\.6\)\ Gecko/20070725\ Firefox/2\.0\.0\.6$
RewriteRule .* - [F]

Would return a 403-Forbidden response for that *exact* request -- A request from that exact hostname using that exact Firefox user-agent string *only*.

Of course, you might want to adapt the regular expressions patterns in that code to be a little more flexible -- for example, to accept a wider range of the IP address digits embedded in the hostname, or to accept multiple versions of the Firefox user-agent string... That all depends on the details of the situation you've outlined here.

(When posting IP addresses here in this forum, it is required only to obscure them. For example, substitute "***" or "nnn" for one octet of the IP address. The IP addresses allocated to and directly *used by* well-known corporations need not be obscured. We're primarily concerned with privacy and potential abuse issues related to posted IP addresses.)

Jim
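An added example, not part of Jim's post: a Python helper that turns a literal hostname and user-agent string into escaped mod_rewrite patterns, optionally widening the digit runs embedded in the hostname, so the result can be checked against hostnames from the access log before the rule is deployed. The function names and the sample values are assumptions made for this illustration.

```python
import re

# Characters that need a backslash in an unquoted mod_rewrite pattern:
# regex metacharacters plus the space (which would otherwise end the argument).
_SPECIAL = set(".^$*+?()[]{}|\\ ")


def escape_literal(text):
    """Backslash-escape every character that has a special meaning."""
    return "".join("\\" + ch if ch in _SPECIAL else ch for ch in text)


def host_pattern(hostname, widen_digits=False):
    """Anchored pattern for REMOTE_HOST. With widen_digits, accept any 1-3
    digit run wherever the observed hostname had digits (the embedded octets)."""
    parts = re.split(r"(\d+)", hostname)
    out = []
    for i, part in enumerate(parts):
        if i % 2 == 1:  # odd indexes hold the captured digit runs
            out.append("[0-9]{1,3}" if widen_digits else part)
        else:
            out.append(escape_literal(part))
    return "^" + "".join(out) + "$"


def rewrite_block(hostname, user_agent, widen_digits=False):
    """Return the three directives; consecutive RewriteCond lines are ANDed."""
    return "\n".join([
        "RewriteCond %{REMOTE_HOST} " + host_pattern(hostname, widen_digits),
        "RewriteCond %{HTTP_USER_AGENT} ^" + escape_literal(user_agent) + "$",
        "RewriteRule .* - [F]",
    ])


# Constructed sample values, using the placeholder style from this thread.
SAMPLE_HOST = "1-2-3-4.cable.5.6.example.co.uk"
SAMPLE_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) "
             "Gecko/20070725 Firefox/2.0.0.6")

if __name__ == "__main__":
    print(rewrite_block(SAMPLE_HOST, SAMPLE_UA, widen_digits=True))
```

The widened hostname pattern covers every address in that ISP's pool that follows the same naming scheme, so it is only safe while the user-agent condition stays attached or no legitimate visitors come from that pool.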

asamm

11:36 am on Aug 21, 2007 (gmt 0)

10+ Year Member



Jim, thank you very much. I denied his IP address in my .htaccess file, so hopefully no more spam from him.

asamm

asamm

11:57 am on Aug 21, 2007 (gmt 0)

10+ Year Member



I just found out that his IP address keeps changing every day. Any idea how to stop this guy?

thanks

BjarneDM

6:19 pm on Aug 21, 2007 (gmt 0)

10+ Year Member



JavaScript validation is simply just not a reliable defense in any way whatsoever.
You can just turn off JavaScript in the browser or - more likely in this case - just script the form in a program.

You'll need server-side validation of your form.
If the IP address changes, you are more or less toast.

One thing that might work:
Assign a unique identifying string to each form request so you have a string + IP-number + time. If the combination is too old, or too many requests come from the same IP address, drop the info. Each string + IP-number can only be used once.
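One way to implement the string + IP + time scheme described above, as an added Python example that is not part of BjarneDM's post. The HMAC construction, the in-memory dictionaries, the function names and the limits are assumptions chosen for this illustration; a site running several server processes would keep the used-token and per-IP state in a shared store.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumed: per-deployment key, never sent to clients
MAX_AGE = 900                     # assumed: seconds a rendered form stays valid
MAX_PER_IP = 5                    # assumed: accepted submissions per IP per window

_used = {}      # nonce -> issue time, kept until the token would expire anyway
_accepted = {}  # ip -> timestamps of accepted submissions


def _mac(nonce, ip, issued):
    msg = f"{nonce}|{ip}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(ip, now=None):
    """Called when the form page is rendered; the value goes in a hidden field."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return f"{nonce}|{now}|{_mac(nonce, ip, now)}"


def check_token(token, ip, now=None):
    """Called on submission, before any mail is sent. Returns (ok, reason)."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued_s, mac = token.split("|")
        issued = int(issued_s)
    except ValueError:
        return False, "malformed"
    # The IP is part of the signed message, so a token fetched from one
    # address does not verify when submitted from another.
    if not hmac.compare_digest(mac.encode(), _mac(nonce, ip, issued).encode()):
        return False, "bad signature or different IP"
    if not 0 <= now - issued <= MAX_AGE:
        return False, "expired"
    for old in [n for n, t in _used.items() if now - t > MAX_AGE]:
        del _used[old]  # these tokens can no longer validate
    if nonce in _used:
        return False, "already used"
    recent = [t for t in _accepted.get(ip, []) if now - t < MAX_AGE]
    if len(recent) >= MAX_PER_IP:
        return False, "rate limited"
    _used[nonce] = issued
    _accepted[ip] = recent + [now]
    return True, "ok"
```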

jdMorgan

6:24 pm on Aug 21, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Block the whole IP address range -- Only works if you know you don't get legitimate requests from within that range. Only close observation and study can tell you if this is feasible.

Access control based on referer. The form's referrer should be from your own site, possibly blank with users behind corporate or ISP proxies, or using "Internet Security" software. This still leaves a hole, but can be effective in enough cases to help.

Access control based on user-agent. Must be used in combination with other methods because it's not really feasible to, for example, block all Firefox users.

If the spammer is using the form, then change the URL of the form weekly/daily/hourly/faster. Be sure that the Cache-control and Expires headers of pages containing these ever-changing links pointing to the form are set properly, so that users cannot see a cached stale form-page link.

If the spammer is POSTing directly to your script, then periodically change the URL of the script that your form POSTs to. Same details as the previous item.

Captcha -- See many threads [google.com] here on WebmasterWorld about Captchas on form pages.

Usually, a combination of the above will cut abuse down to a manageable level.

Jim

asamm

10:18 am on Aug 24, 2007 (gmt 0)

10+ Year Member



thank you very much guys

Your advice has helped a lot. I managed to add some server-side validation. The spammer used a range of similar emails and names, so as a quick fix I deny him according to his names/emails until I learn how to use captcha and other advanced features.

cheers