deny from domain does not work

but deny from IP does

         

Doood

8:46 pm on Apr 16, 2010 (gmt 0)

10+ Year Member



I need to block all traffic coming from a certain domain and from all of their subdomains because they're opening my site in an img src 10k+ times a day.

I've tried each of these in htaccess and none work.

order allow,deny
allow from all
deny from example.com
deny from www.example.com
deny from .example.com

When I go to their site and click on my link it doesn't block me and my site opens right up.

I tried denying my own IP and it sends me to the forbidden page but denying from a domain doesn't do anything. I don't understand why.

Do I need to go with mod_rewrite instead?

jdMorgan

2:25 am on Apr 17, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Your server is likely not configured to allow reverse-DNS lookups, which are required to "deny by domain" using either mod_access or mod_rewrite.

However, you need to block when their site is the HTTP Referer, not the Remote Host. It is likely not their server that is fetching your image, it is their visitors' browsers that are fetching your image. This is classic "hotlinking" -- a subject well-covered here (see site search link above). This abuse can be reduced with mod_rewrite or with a combination of mod_access and mod_setenvif.

Delete your browser cache between tests that should work and tests that should be blocked -- both ways. Otherwise, if your browser caches one of your images when you look at your own site, it won't need to fetch that image again to show it on the forbidden site. And if your browser caches a 403 response while you're looking at the forbidden site, then you'll see a forbidden response when you return to your own site. Massively-confusing if you don't flush your cache...

Jim

Doood

3:26 am on Apr 17, 2010 (gmt 0)

10+ Year Member



For now I'm just blocking it with php and will look into it more tomorrow because I still see some hits coming thru with their site as the referrer.

if (isset($_SERVER['HTTP_REFERER'])) {
    $idiot = $_SERVER['HTTP_REFERER'];
    $idiot2 = "example.com";
    // strpos() returns false for no match and 0 for a match at position 0
    if (strpos($idiot, $idiot2) !== false) {
        die();
    }
}


They're not hotlinking an image on my site though, they're opening an entire page on my site using 0x0 img src to try and fool my referrer script like...
<img src="http://mysite/mypage.php" alt="" />


This below should work but I'll have to test it tomorrow when I have more time.
RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*example.com.*$ [NC]
RewriteRule .* - [F,L]

jdMorgan

12:30 am on Apr 18, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Minor tweaks:

RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*example\.com [NC]
RewriteRule ^ - [F]

Jim
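
Added example (not code from any poster in this thread): a Python harness that runs the thread's three Referer checks over constructed Referer values to show where each one over- or under-matches. The `STRICT` host-only pattern is an assumption of this example, and Python's `re` with `re.I` stands in for mod_rewrite's regex engine with `[NC]`.

```python
import re

def substring_check(referer):
    # Same idea as the PHP strpos() test: match anywhere in the header.
    return "example.com" in referer

# Pattern from the first RewriteCond in the thread (unescaped dot).
ORIGINAL = re.compile(r"^http(s)?://([^.]+\.)*example.com.*$", re.I)
# Pattern from the "minor tweaks" reply.
TWEAKED = re.compile(r"^https?://([^.]+\.)*example\.com", re.I)
# Assumption added here: labels may not contain "/", and the host name
# must end right after ".com" (optional port, then path/query/end).
STRICT = re.compile(r"^https?://([^./]+\.)*example\.com(:\d+)?([/?#]|$)", re.I)

# Constructed Referer values (not real traffic).
SAMPLES = [
    "http://example.com/page.html",
    "https://img.cdn.example.com/",
    "http://examplexcom.test/",          # unescaped "." matches any character
    "http://other.test/a.example.com",   # domain appears only in the path
    "http://example.com.other.test/",    # different registered domain
    "http://other.test/?q=example.com",  # domain appears only in the query
    "",                                  # browser sent no Referer at all
]

def evaluate(referer):
    """Return which checks would block a request carrying this Referer."""
    return {
        "substring": substring_check(referer),
        "original": bool(ORIGINAL.search(referer)),
        "tweaked": bool(TWEAKED.search(referer)),
        "strict": bool(STRICT.search(referer)),
    }

if __name__ == "__main__":
    for ref in SAMPLES:
        hits = [name for name, blocked in evaluate(ref).items() if blocked]
        print(f"{ref!r:40} blocked by: {', '.join(hits) or 'none'}")
```

Requests that arrive with no Referer header pass every one of these checks, so a Referer rule reduces this kind of abuse rather than eliminating it.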