From some public and private descriptions, it sounds like we're all getting attacked by the same brazillian shemale. Since this is clearly an automated attack, it won't be long before it spreads to others that do the same thing.
However, all of the attacks I've had have been from the same IP address. Ever since I blocked the IP, I don't know if they've even tried since they can't reach any of my domains!
Here's how I did it:
- 1. My site is configured to require admin approval. Every registration attempt results in me getting a piece of mail to approve it.
2. I tracked down the IP address of each attempt by looking through my web logs for the entires with the dates+times corresponding to the dates+times the registration approval email was sent to me.
3. I added yet-another line like this to my .htaccess file (requires Apache):(replace 18.104.22.168 with the IP found in the logs)
4. I also upgraded to 2.0.7a, installed and enabled visual confirmation, and put in a mod/hack of my own. But because of blocking the IP, I'll never know if that same brazillian shemale will ever pay me a visit ever again.
For those not familiar with Apache's .htaccess files, you can control some behavior of the website on a recursive, per directory basis. If you create a file like I just described and drop it in your phpBB directory, that directory and all below it will deny anyone from that IP from seeing/connecting/using the phpBB, but everything else in the domain outside of it isn't affected. If you want to block them from seeing the entire site, drop it in the root level.
Using a deny statement in .htaccess isn't the best way to do it, but if you don't have access to the main server config, it might be the only way and works wonderfully. And of course, that only applies to Apache, but I'm sure other servers have similar features.
Be careful with it though. Don't test it by using your own IP.
You can also use it to deny IP ranges, companies, countries, etc. On top of that, .htaccess has even more wonderful features that I won't get into here.
Again, if you find the IP, please let me know. Thanks.