diff --git a/repology.conf.default b/repology.conf.default
index b14cfd68..b5d1eafa 100644
--- a/repology.conf.default
+++ b/repology.conf.default
@@ -150,6 +150,11 @@ DISABLED_REPORTS = []
 #
 SPAM_KEYWORDS = []
 
+#
+# Do not allow reports from these networks
+#
+SPAM_NETWORKS = []
+
 #
 # Default timezone to use in the web interface
 # The webapp tries to replace this to user's local timezone with javascript
diff --git a/repologyapp/views/project.py b/repologyapp/views/project.py
index 2ceb46dc..5c409d10 100644
--- a/repologyapp/views/project.py
+++ b/repologyapp/views/project.py
@@ -19,6 +19,7 @@
 from dataclasses import dataclass
 from datetime import timedelta
 from functools import cmp_to_key
+from ipaddress import ip_address, ip_network
 from typing import Any, Callable, Collection, Iterable, Self, TypeAlias, TypeVar
 
 import flask
@@ -505,6 +506,15 @@ def project_report(name: str) -> Response:
         if need_vuln and (comment is None or 'nvd.nist.gov/vuln/detail/CVE-' not in comment):
             errors.append('link to missing NVD CVE entry (e.g. https://nvd.nist.gov/vuln/detail/CVE-*) is required')
 
+        try:
+            address = ip_address(flask.request.remote_addr)
+            for network in config['SPAM_NETWORKS']:
+                if address in ip_network(network):
+                    errors.append('spammers not welcome')
+                    break
+        except ValueError:
+            pass
+
         if not errors:
             get_db().add_report(
                 name,