here is what I suggested this morning on french XOOPS forum.
for what i know, this spammer always uses a particular url in his profile.
i modified my register.php (xoops 2.0.16) to add a test on this url.
backup your register.php before any change.
line 41, replace :
function userCheck($uname, $email, $pass, $vpass)
with
function userCheck($uname, $email, $url, $pass, $vpass)
line 141 :
$stop .= userCheck($uname, $email, $pass, $vpass);
with
$stop .= userCheck($uname, $email, $url, $pass, $vpass);
line 174 :
$stop = userCheck($uname, $email, $pass, $vpass);
with
$stop = userCheck($uname, $email, $url, $pass, $vpass);
to finish, line 92, after :
if (strrpos($uname, ' ') > 0) {
$stop .= _US_NICKNAMENOSPACES."<br />";
}
add :
//spam gwb
if (preg_match("/george-walker-bush/i", $url)) {
$stop .= _US_INVALIDMAIL."<br />";
}
//spam gwb
thus, if someone try to register on your website, with an url containing "george-walker-bush", a message will tell to him that his email is not valid.
this is surely a temporary solution, but this prevents your website to be spammed easily !