htaccess Blocking on a Large Scale Concepts

EastTexas

6:53 pm on Oct 22, 2014 (gmt 0)

10+ Year Member



I know this will block kyivstar.net & a lot more.
Will there be a Performance Hit?
# kyivstar.net
deny from 193.41.

I was thinking about reorganizing htaccess based on regions vs by country?
Africa, Asia, Europe, Oceania, Middle East, South America

All .ru, .ua, .cz, etc. lumped together in big ip blocks.
This should be faster to manage?


Which is better for blocking Domain Names?

deny from kiev.ua kievnet.ua kievnet.com.ua kyivstar.net

VS

deny from kiev.ua
deny from kievnet.ua
deny from kievnet.com.ua
deny from kyivstar.net

not2easy

8:10 pm on Oct 22, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



The "deny from" form is for IPs so you really can't block by country unless you determine all IPs being used within that country.

You can deny by referer, but most requests have no referer, and when they do it may or may not be fake (too easy to fake), which makes .ru, .ua, etc. not very efficient.

You can deny by UserAgent, but again, UAs are simple to fake.

Most reliable way to block is by using IPs, and not random IPs that might be used by someone with a .ru referer showing in your logs. Most of that is referer spam, done by bots. The way to make them stop is to block the server farms that host bots. There is an entire forum here: [webmasterworld.com...] dedicated to that topic where you can learn the culprits' IPs and add them if you wish. I suggest a visit to the forum Charter and Library there to pick up basic tips and information.

If your htaccess file is properly ordered to work efficiently, you can add hundreds of lines of IP blocks without any significant, noticeable performance hit.

lucy24

8:21 pm on Oct 22, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I was thinking about reorganizing htaccess based on regions vs by country?

I think this is completely a matter of your personal preference and what's convenient for you. I originally listed everyone in strict numerical order, with a separate section for China and I think AWS. (I forget why I decided the latter was appropriate. China simply because there's so ### many of them, and I really don't meet that many other offenders from APNIC.) Later I found it was more convenient to put RIPE and ARIN in separate blocks.

deny from kiev.ua

I would absolutely not, ever, do this. If you put anything other than a numerical IP after an Allow/Deny directive, it throws the server into
:: detour to look this up, because I was reading about it just the other day ::
HostNameLookups mode. Extra work with no real benefit, and makes logs unreadable. (Opinion, again. ymmv.)
Regardless of the setting, when mod_authz_host is used for controlling access by hostname, a double reverse lookup will be performed.

With further blahblah about all-around disadvantages to doing this as a matter of routine.

deny from kiev.ua kievnet.ua kievnet.com.ua kyivstar.net

VS

deny from kiev.ua

Aside from the hostname issue, it is fine to put multiple items on the same line. I generally put each A range (64, 65, 66...) on a line of its own. Watch out for extraneous punctuation: I once had several days' logs thrown into Lookup mode before I found the stray comma that caused the problem :(

Link here just to increase the chances I'll find the right page next time I need it:
[httpd.apache.org...]
(2.2 and 2.4 appear to be identical)

EastTexas

11:03 pm on Oct 22, 2014 (gmt 0)

10+ Year Member



Thanks for the Advice Y'all 8)

Looks like I will be doing a lot of Texas Two Stepping of Bad IPs ;}

# Example: kyivstar.net
deny from 193.41.

not2easy

12:15 am on Oct 23, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



but wait, there's more:
37.115.0.0/16
46.119.112.0/20
94.153.64.0/19
134.249.0.0/16
176.8.0.0/16
178.137.128.0/20

and more...

lucy24

12:35 am on Oct 23, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



37.115.0.0/16

You can shave 7 bytes off each IP (can add up to a couple of K in the whole htaccess) by truncating to
37.115

I don't think it makes any difference whatsoever to server workload.
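A quick way to check the forms discussed in this thread (partial IPs like "193.41.", CIDR ranges like the ones above, and what a stray comma turns into), as an added Python example that is not part of any post here. It assumes Apache's partial-IP rule (leading octets, with or without a trailing dot, match the corresponding /8, /16 or /24) and treats any token that is not purely numeric as a hostname, since that is what forces the double reverse lookup; the sample deny lines are constructed.

```python
import ipaddress
import re

# Constructed sample mixing the forms seen in this thread, plus a stray comma.
SAMPLE_HTACCESS = """\
# kyivstar.net
deny from 193.41.
deny from 37.115.0.0/16
deny from 46.119.112.0/20
deny from kiev.ua kievnet.ua
deny from 41., 102.
"""

# 1 to 4 dotted octets, optional trailing dot (assumed Apache partial-IP syntax).
PARTIAL_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){0,3}\.?$")


def deny_to_network(token):
    """Map one 'deny from' token to an ip_network, or None if Apache would treat it as a hostname."""
    if "/" in token:
        try:
            return ipaddress.ip_network(token, strict=False)
        except ValueError:
            return None
    if not PARTIAL_IP.match(token):
        return None
    octets = [o for o in token.split(".") if o]
    if any(int(o) > 255 for o in octets):
        return None
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")


def truncated_form(network):
    """Shortest Apache spelling: '37.115' for an octet-aligned IPv4 prefix, otherwise the CIDR itself."""
    if network.version == 4 and network.prefixlen in (8, 16, 24):
        return ".".join(str(network.network_address).split(".")[: network.prefixlen // 8])
    return str(network)


def lint_deny_lines(text):
    """Return (networks, hostname_tokens); the second list is what would trigger hostname lookups."""
    networks, hostnames = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line.lower().startswith("deny from"):
            continue  # comments, blank lines, other directives
        for token in line[len("deny from"):].split():
            net = deny_to_network(token)
            if net is None:
                hostnames.append(token)
            else:
                networks.append(net)
    return networks, hostnames


def is_denied(ip, networks):
    """True if the address falls inside any parsed deny range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)
```

Running it on the sample flags "41.," alongside the two real hostnames, and shows that 46.119.112.0/20 cannot be shortened the way 37.115.0.0/16 can, because a /20 does not end on an octet boundary.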

wilderness

12:31 pm on Oct 23, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Here are some old threads with examples.

These are certainly incomplete, however they are a beginning.

[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]

Here's a more recent thread with a more complete list of ranges:
Block non-North American Traffic for Dummies Like Me [webmasterworld.com]

EastTexas

3:54 pm on Oct 23, 2014 (gmt 0)

10+ Year Member



Thanks for the info 8)

tangor

3:04 am on Oct 24, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Block away, just keep a little common sense DOCUMENTATION of what each block is... you might want to turn it back on one day. :)

EastTexas

7:27 pm on Oct 24, 2014 (gmt 0)

10+ Year Member



Below was an easy Block!
(For the most part I'm using my naughty list for the IP Ranges which uses 3 dots.)

Is there a site that is easier to see who is listed/hosted on an IP Range?

*HINT - I don't care who I'm blocking as long as it's not the USA.

I have seen where some two-dot truncated numbers from Europe block parts of Asia & the USA too.

# AfriNIC (Africa)
deny from 41.
deny from 102.
deny from 105.
deny from 154.0.
deny from 196.
deny from 197.

lucy24

8:38 pm on Oct 24, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



two dots truncated numbers

?

Almost every range, including AfriNIC, includes a few sectors from other parts of the world. Especially in the Early Registration blocks, which include about half of the 128-and-up area.

The definitive list of who owns which A range is here (IPv4) [iana.org] and here (IPv6) [iana.org]*. In IPv4, the combination "Administered by {some-registry-name}" with "LEGACY" means "This area is a hopeless mess and there isn't a thing you can do about it except go down into B ranges (/16 as opposed to /8)".


* I originally said [iana.org...] but that isn't as useful.

EastTexas

8:49 pm on Oct 24, 2014 (gmt 0)

10+ Year Member



Thanks! You have given me much to think about.