If the people who need access to your staging environment have stable IP addresses, you could get away with just setting up firewall rules that only allow those addresses.
As an alternative to VPN you can also use SSL client certificates and set up the staging environment's web server to require a valid certificate. This is what I use at the moment for protecting a staging environment. For Mac OS X and Windows it's pretty much a matter of installing the certificate into the Keychain or Windows' certificate store, and it will be automatically picked up by Google Chrome.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
If the people who need access to your staging environment have stable IP addresses, you could get away with just setting up firewall rules that only allow those addresses.
As an alternative to VPN you can also use SSL client certificates and set up the staging environment's web server to require a valid certificate. This is what I use at the moment for protecting a staging environment. For Mac OS X and Windows it's pretty much a matter of installing the certificate into the Keychain or Windows' certificate store, and it will be automatically picked up by Google Chrome.