Another very effective way to ban users based on IP is to set up firewall rules to drop everything from specific IP:s. Some "humans" are easy fooled that the website is down.
if (!empty($HTTP_GET_VARS['theme'])) {
$xoopsConfig['theme_set'] = $HTTP_GET_VARS['theme'];
$HTTP_SESSION_VARS['xoopsUserTheme'] = $HTTP_GET_VARS['theme'];
}