here is what I suggested this morning on french XOOPS forum.
for what i know, this spammer always uses a particular url in his profile.
i modified my register.php (xoops 2.0.16) to add a test on this url.
backup your register.php before any change.
line 41, replace :
le="color: #000000"><?php function userCheck($uname, $email, $pass, $vpass)
with
le="color: #000000"><?php function userCheck($uname, $email, $url, $pass, $vpass)
line 141 :
le="color: #000000"><?php $stop .= userCheck($uname, $email, $pass, $vpass);
with
le="color: #000000"><?php $stop .= userCheck($uname, $email, $url, $pass, $vpass);
line 174 :
le="color: #000000"><?php $stop = userCheck($uname, $email, $pass, $vpass);
with
le="color: #000000"><?php $stop = userCheck($uname, $email, $url, $pass, $vpass);
to finish, line 92, after :
le="color: #000000"><?php if (strrpos($uname, ' ') > 0) { $stop .= _US_NICKNAMENOSPACES."<br />"; }
add :
le="color: #000000"><?php //spam gwb if (preg_match("/george-walker-bush/i", $url)) { $stop .= _US_INVALIDMAIL."<br />"; } //spam gwb
thus, if someone try to register on your website, with an url containing "george-walker-bush", a message will tell to him that his email is not valid.
this is surely a temporary solution, but this prevents your website to be spammed easily !