2
I'll just point out that blocking on the basis of IP is generally not a good idea. People on dialup or cable often have dynamically assigned IP addresses. The next time they connect they could have a different address, and someone else may get the previous address they had. If you block an IP you could be blocking (occasionally) a lot of other users at the same ISP.
That said, XOOPS does not log the IP address of each login (I don't think). Some modules store this information, but if you just want IPs for logins you may have to make some tiny modifications to the XOOPS code to do this for you. Alternatively if you have access to the http server logs, look for all requests to pages yoursite.com/user.php and find the IP address that way. With the second approach it may be difficult to connect user ID with IP address though.