The code below is used to ban an ip address from accessing your website, its easy and free, Enjoy!




<!-- Paste this code into the HEAD of HTML document -->
<HEAD>
<SCRIPT LANGUAGE="JavaScript">
<!-- Original: kdcgrohl -->
<!-- Web Site: http://www.kdcgrohl.com -->
<!-- Dist: http://www.darfuns.com -->
<!-- Begin
// This JavaScript uses server side includes ("SSI") so this document's name must end in .shtml
function ban(){
var ip = '<!--#echo var="REMOTE_ADDR"-->';
//add as many ip's below as you wish.
if (ip == "x.x.x.x" || ip == "x.x.x.x") {
//if you wish to change the alert message, do so below.
alert("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Attentio n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\nYour ip address \("+ip+"\) has been banned!");
history.go(-1);
window.location.replace("http://www.yahoo.com
}
}
ban();
// End -->
</script>

I just use IP chains for my own site (we do in on the router at work)
http://www.flounder.net/ipchains/ipchains-howto.html#3
banning by executing code on your app server isn't truly banning. Those visitors are still executing code on your app server and still have the potential to DOS.

Banning at the lowest level in the protocol stack limits their effect the most.

Will Code is right. You can't count on a client to carry out their own ban.

@darfun

I'd suggest you turn off javascript in your browser and then see how effective your "banning" method is.

I.P. banning with JavaScript is hugely flawed, and anyone thinking it's a viable method of banning users seriously needs to rethink their security.
JavaScript is a client side technology, which basically means that if it's annoying the end user, they can turn it off, thus allowing them to access the site again.

If you're going to do application based security, then it's best to use something like PHP, which doesn't give the end user the chance of disabling it.

IP Ban by javascript is not a good way to do. I like to do it with PHP or from Cpanel. As Nuvo said, JavaScript is a client side technology, ball is not in your court