Assuming that files are getting uploaded or existing by being uploaded by some script or special form, you can do this with PHP as well. You can add additional code to filter file type by header rather than by filetype field. Doing so by file header gives you a truer result of file type. Regarding the IP, you can block them from accessing the website by adding a table to the database and storing your blocked IPs in that table, then just refer to that table data when someone visits the site and send them packing if the IP is listed in the table data.
With regard to other types of blocking:
You can also do country blocks via htaccess; just remember that using country blocks can really slow down your website. The last time I looked, the country block IP list of known spammers was huge, really huge! For your website to have to sift through that list every visit, you would need a really fast server to make it worthwhile, IMO.
Also understand that since spammers and those who are up to no good seem to spoof public IPs, if you block a bunch of IPs, it is possible you could also block a valid customer who just happens to have the wrong IP at the moment.
You can also block visits using PayPal if you sell items. They also have a country block with regard to their gateway process, which allows you to block country IPs and visits using other filters, and that runs on their server, not yours, so lag is not an issue.
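The two PHP checks described in the first paragraph (type by file header instead of the submitted type field, and a database table of blocked IPs) could look like this. This is an added example, not code from the original post; the table name `blocked_ips`, the function names and the sample data are assumptions made for illustration.

```php
<?php
// Added example; blocked_ips, ALLOWED_TYPES and the function names are hypothetical.
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

// Look up the visitor's address in the blocklist table (prepared statement).
function is_blocked(PDO $db, string $ip): bool {
    $stmt = $db->prepare('SELECT 1 FROM blocked_ips WHERE ip = ?');
    $stmt->execute([$ip]);
    return $stmt->fetchColumn() !== false;
}

// Derive the type from the file's leading bytes, ignoring the client's claim.
// For a real upload use $finfo->file($_FILES['upload']['tmp_name']) instead.
function sniff_type(string $bytes): string {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    return $finfo->buffer($bytes) ?: 'application/octet-stream';
}

// Reject blocked visitors first, then anything whose header is not allowlisted.
function accept_upload(PDO $db, string $ip, string $bytes): bool {
    if (is_blocked($db, $ip)) {
        return false;
    }
    return in_array(sniff_type($bytes), ALLOWED_TYPES, true);
}

// Constructed demo data: in-memory blocklist with one documentation-range IP.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blocked_ips (ip TEXT PRIMARY KEY)');
$db->exec("INSERT INTO blocked_ips (ip) VALUES ('203.0.113.7')");

// Constructed uploads: a minimal GIF, and a script the form labelled image/png.
$uploads = [
    ['ip' => '198.51.100.4', 'claimed' => 'image/gif',
     'bytes' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],
    ['ip' => '198.51.100.4', 'claimed' => 'image/png',
     'bytes' => "<?php echo 'hi'; ?>"],
    ['ip' => '203.0.113.7', 'claimed' => 'image/gif',
     'bytes' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],
];

foreach ($uploads as $u) {
    printf("%-13s claimed=%-10s sniffed=%-12s accepted=%s\n",
        $u['ip'], $u['claimed'], sniff_type($u['bytes']),
        accept_upload($db, $u['ip'], $u['bytes']) ? 'yes' : 'no');
}
```

In a live handler the address would come from `$_SERVER['REMOTE_ADDR']`. A matching header only shows how the file starts, so uploads should still be stored under a generated name with a fixed extension, outside any directory where PHP is executed.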