Only one Order directive is allowed per .htaccess file; Others will be ignored. So that's probably the main problem. If you Limit your denies to only GET requests, then POST, DELETE, etc. will not be denied. If you wish to deny a range of addresses, say from 192.123.123.0 through 192.123.123.255, then you must use a form of the Deny from directive that specifies a range. The Order directive does not specify the order of your Allow/Deny directives in the .htaccess file, it specifies their priority. See mod_access [httpd.apache.org] for more details.

Because of the single-Order directive requirement, let's move your .htaccess file protection into mod_rewrite just to keep things simple.

# Set up for mod_access code below
SetEnvIf Request_URI "(custom_403_page\.html¦robots\.txt)$" allowit
#
<Files *>
Order Deny,Allow
#
# Deny from problem-site.com
Deny from 216.xx.xx.0/24
Deny from 64.xx.xx.0/24
#
# Allow [i]everybody[/i] access to robots.txt and custom 403 error page
Allow from env=allowit
#
</Files>
#
# Block access to .htaccess and block specific user-agents
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} \.htaccess$ [OR]
RewriteCond %{HTTP_USER_agent} ^online_link_validator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector
RewriteRule .* - [F]

This code will blcok access to the requested files. It will not stop the requests from being logged in your access log or in your 'stats'.

Jim