Great question — and one we occasionally hear from users.
Here’s what happened:
FormDefender successfully blocked bots and users based on the geographic restrictions you set. However, the user in question was a human who used a VPN (Virtual Private Network) to route their internet traffic through a region you allowed.
VPNs can mask a user’s true location. While their physical location may be in a restricted country, their IP address — the part we use to determine geographic location — was from an allowed region. In this case, FormDefender worked as intended: it detected an allowed IP and let the human through.
Can ListDefender block VPNs?
Technically, blocking all VPN users is extremely difficult and generally not advisable. Here's why:
VPNs don’t always flag themselves: Most major VPN providers don’t provide any indicators or metadata that would allow us to detect and block them.
VPN IP databases exist but are unreliable: There are services that attempt to maintain lists of known VPN IP addresses, but they’re often incomplete or quickly outdated.
Blocking VPNs can hurt legitimate users: Many people use VPNs for security, work, or privacy reasons — including those in allowed regions. Blocking all VPNs can unintentionally exclude valid leads or customers.
We understand this can be frustrating, but rest assured: FormDefender is doing its job as designed. VPNs are a unique challenge that no software can completely mitigate without major trade-offs.