Because those suckers are usually smart enough to avoid static IPs, it's hard to block them. However, it's possible to shut them down. I've sent a few cease & desist letters, received apologies, and stopped a couple of referrer spammers. Unfortunately, this approach involves work, that is research.
My emails cc:
· the admin/abuse/hostmaster email address of each domain appearing in the referrers
· the abuse address of the hosting company
· the abuse address of the domain registrar
· all email addresses collected from whois searches including the hosting company
· the abuse addresses of the ISPs from where the bots ran
· the email addresses of local authorities and all sorts of spamcops
Q: How to get the hosting service and domain registrar via domain name?
A: Do a whois search at WebHosting.info
Q: How to get the spammer's ISP?
A: Search your server logs for the faked referrer URL and do a whois search at GeekTools for the user's IP address
Q: What is a C&D letter?
A: Example C&D "Konstantin Lysenko and Sergei Goshko, stop your referrer spam bot or I'll shut you down. 100 faked requests per hour to several URLs not linked from your site with your home page as referrer URL is abusive." Example answer "Dear Sebastian, I worked on tool that checks my clients resources for inappropriate content. Possibly it went out of control. I disabled it for now. I'm really sorry it caused you problems. Thank you, Sergei". The reply is laughable, but at least the referrer spam from that assclown was stopped.
Be creative :)
Post it to