I'm not real familiar with click bombing since i am not doing any Adsense stuff. I googled it and i see that click bombing is a dirty way to mess with someone else's Google Adsense Ads. I will look into this some more and see if there is a better way to handle this or protect a site from click bombing.
You would add your Limit directive coding to the Bottom Custom Code text box on the BPS Custom Code page, save it, then click the AutoMagic buttons on the Security Modes page and then Activate BulletProof Mode for your Root folder.
Also here is some standard IP and Hostname blocking .htaccess code as another example.
# Block Repeat Offenders by IP and Hostname
Allow from all
Deny from 10.1.3.0/24
Deny from hidemyass.com
deny from proxy.com
deny from anonymouse.com
deny from proxify.com
I think a better approach would be to actually limit the number of clicks allowed by IP address instead of trying to block a list of IP addresses. I will play around with this and see if i can figure out something that works effectively.
it looks there is a WordPress plugin that may do this already, but it is not rated very well - http://wordpress.org/extend/plugins/ad-logger/
and i came across this possible paid product that may work - Adsense Defender.