I've had the same type of spammers hit my message board. There doesn't appear to be any type of legitimate email address. My spammer was using cjb.net for their email, so I banned all of cjb.net emails, then deleted the accounts, at the time it was 1, the it went to 2. Now just yesterday I had 4 new accounts after I changed the forum to user activation via email. Now I just made it so I have to approve the memberships until I can sort this out. I currently have 10 members, but it's a public board, but I have devoted readers to whatever is submitted.
I have went through my raw log files. Somehow they are going around the raw log files for IP #'s. But after I activated user activation via email, then I got 4 new accounts, with all the same information, even same account name. I don't know how to research the passwords, but I did try searching the raw log files for topace's reference to the password being the same. Found nothing.
This is what recovered from my raw log files:
I'm not quite sure blocking IP #'s will work unless we know for sure which IP is doing this. I suspect they have some sort of program to scramble IP numbers, along with some sort of automated emailer. Since this person would have to hit the link. Wondered why the flood control didn't kick in. Maybe this is only for messages. If there was a flood control for making new accounts, it would make this more managable, if I have to keep deleting accounts. I suppose I could always change the directory name to the forum, but that may cause confusion amongst my AOL readers.
From reading this thread it looks like it's best to upgrade to 2.0.11.
I'm currently running 2.0.8.
Had anyone had success from upgrading to 2.0.11 for the visual verification?