diff --git a/backend/app/controllers/users_controller.rb b/backend/app/controllers/users_controller.rb index 64aa43c..048e032 100644 --- a/backend/app/controllers/users_controller.rb +++ b/backend/app/controllers/users_controller.rb @@ -1,9 +1,9 @@ class UsersController < ApplicationController def create return head :unprocessable_entity if request.remote_ip.blank? + return head :forbidden if ip_address_banned? user = nil - User.transaction do user = User.create!(inheritance_code: SecureRandom.uuid, role: :guest) attach_ip_address!(user) @@ -15,10 +15,12 @@ class UsersController < ApplicationController end def verify + return head :unprocessable_entity if request.remote_ip.blank? + return head :forbidden if ip_address_banned? + user = User.find_by(inheritance_code: params[:code]) return render json: { valid: false } unless user - - return head :unprocessable_entity if request.remote_ip.blank? + return head :forbidden if user.banned? attach_ip_address!(user) @@ -63,4 +65,11 @@ class UsersController < ApplicationController UserIp.create_or_find_by!(user:, ip_address:) end + + def ip_address_banned? + ip_address = IpAddress.find_by(ip_address: IPAddr.new(request.remote_ip).hton) + return false unless ip_address + + ip_address.banned? + end end diff --git a/backend/app/models/ip_address.rb b/backend/app/models/ip_address.rb index bf73658..4c68099 100644 --- a/backend/app/models/ip_address.rb +++ b/backend/app/models/ip_address.rb @@ -1,7 +1,9 @@ class IpAddress < ApplicationRecord validates :ip_address, presence: true, length: { maximum: 16 } - validates :banned, inclusion: { in: [true, false] } has_many :user_ips, dependent: :destroy has_many :users, through: :user_ips + + def banned? = banned_at.present? + def ban! = update!(banned_at: Time.current) end diff --git a/backend/app/models/user.rb b/backend/app/models/user.rb index 7e07642..4834254 100644 --- a/backend/app/models/user.rb +++ b/backend/app/models/user.rb 
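Review bot: The ban guard added at the top of `create` (and repeated in `verify`) keys on `request.remote_ip`, which Rails derives from forwarding headers as well as the socket address, so the ban only binds to the real client when the trusted-proxy configuration matches the deployment. That configuration is not visible in this diff. I would add a comment on the guard such as `# remote_ip depends on config.action_dispatch.trusted_proxies matching the load balancer; a mismatch makes IP bans unreliable` and confirm the setting as part of this review. The body of `create` continues past the end of the hunk.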
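Review bot: The new `return head :forbidden if user.banned?` in `verify` exits before `attach_ip_address!(user)`, so a banned account retried from a fresh address leaves no `UserIp` row and, as far as the hunk shows, no log entry either. If operators need to see ban-evasion attempts, record the event before returning, for example `Rails.logger.warn("verify rejected: banned user #{user.id}")`, or attach the address first and then answer 403. A banned code now answers 403 while an unknown code answers `{ valid: false }`, which confirms to the caller that the code exists; that is presumably acceptable for UUID codes, but it should be a deliberate choice. `verify` continues beyond the hunk.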
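Review bot: `ip_address_banned?` looks up the raw bytes of `IPAddr.new(request.remote_ip).hton`, so an IPv4 client that arrives as an IPv4-mapped IPv6 address yields a 16-byte key that will not match a ban stored under the 4-byte form, and the reverse also holds. Normalising first, `IpAddress.find_by(ip_address: IPAddr.new(request.remote_ip).native.hton)`, closes that gap, but only if `attach_ip_address!` stores addresses the same way. Its conversion lies outside this hunk, so the safest shape is one private helper that both the store path and this lookup call. Exact-address matching also gives weak coverage for IPv6 clients that rotate addresses within a prefix, which is worth stating in a comment on the method.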
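Review bot: `IpAddress#ban!` overwrites `banned_at` on every call, so re-banning an address that is already banned silently moves the timestamp and the original ban time is lost; `User#ban!` in `user.rb` has the same shape. If `banned_at` is meant to double as an audit field, write the method with a regular body whose only statement is `update!(banned_at: Time.current) unless banned?`. The removed `validates :banned` suggests the boolean column is being replaced by `banned_at`, but the migration is not part of the visible diff. Confirm that rows with `banned = true` are backfilled, otherwise existing bans would lapse on deploy.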
@@ -4,7 +4,6 @@ class User < ApplicationRecord validates :name, length: { maximum: 255 } validates :inheritance_code, presence: true, length: { maximum: 64 } validates :role, presence: true, inclusion: { in: roles.keys } - validates :banned, inclusion: { in: [true, false] } has_many :created_posts, class_name: 'Post', foreign_key: :uploaded_user_id, dependent: :nullify @@ -19,5 +18,9 @@ class User < ApplicationRecord class_name: 'WikiPage', foreign_key: :updated_user_id, dependent: :nullify def viewed?(post) = user_post_views.exists?(post_id: post.id) + def gte_member? = member? || admin? + + def banned? = banned_at.present? + def ban! = update!(banned_at: Time.current) end
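Review bot: `User#banned?` is consulted only in `UsersController#verify` within this diff, so a user who is banned after verifying would keep working unless a shared filter elsewhere also checks it; nothing visible here does. If no such filter exists, a `before_action` in `ApplicationController` that rejects a banned user (using whatever helper resolves the authenticated user) would make the ban apply to every request. Separately, `gte_member?` deserves a one-line comment such as `# true for member and admin roles`, since the `gte` abbreviation is not self-explanatory.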