YHYM!!!!!
PS someone well done site!

If IP blocking isn't the way to go, then at minimum, for example...
Right now I'm logged in to xoops so technically, no one should be able to log in with my details WHILE I'm still logged in here; the system should automatically block the second log in attempt and ban the user. So I am understanding that this is what Protector does? If not, what does?

You hit it on the nail Katz! I ain't got time to be watching IP addresses; I need an automated response unit to terminate and destroy the offenders LOL. Right now I have the voluntary donation box and I am seriously thinking of making it a paid membership and so need to implement certain security features that I see on other sites.

The banks do it in a following way:

- the first time you login, they save some unique identifier related to your computer and OS.

- if you log in from another computer (or reinstall your Windows), they will ask you some security questions that you've provided answer to before (e.g. name of your best friends from high-school or name of your first pet)

- once they check out, you'll get access, and they save the new ID

- I am sure that if you go back and forth, it will raise a red flag and they will investigate it.

Maybe somebody could design something similar for XOOPS - it would probably solve your issue.